Lucene search
K

4 matches found

Circl
Circl
added 2025/01/14 3:18 p.m.22 views

CVE-2024-39784

creationtimestamp| type| source ---|---|--- 2025-01-14 15:18:23+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpkd7qr4v2j 2025-01-14 15:49:56+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/113827498882766447 2025-01-14 17:20:38+00:00| seen|...

9.1CVSS7.8AI score0.06193EPSS
Exploits1References3
CVE
CVE
added 2025/01/14 2:20 p.m.63 views

CVE-2024-39784

CVE-2024-39784 is a confirmed command-injection vulnerability in Wavlink AC3000, affecting the NAS CGI (nas.cgi) add_dir() function. Talos reports the flaw resides in processing of the disk_part POST parameter (and related adddir_name in a parallel CVE-2024-39785 path), enabling arbitrary shell c...

9.1CVSS7.7AI score0.06193EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/01/14 2:20 p.m.30 views

CVE-2024-39784

Multiple command execution vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command...

9.1CVSS0.06193EPSS
Exploits1References1
Talos
Talos
added 2025/01/14 12:0 a.m.28 views

Wavlink AC3000 nas.cgi add_dir() command injection vulnerabilities

Talos Vulnerability Report TALOS-2024-2058 Wavlink AC3000 nas.cgi adddir command injection vulnerabilities January 14, 2025 CVE Number CVE-2024-39784,CVE-2024-39785 SUMMARY Multiple command execution vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.210505. A...

9.1CVSS8.2AI score0.06193EPSS
Exploits2
Rows per page
Query Builder