4 matches found
CVE-2024-39784
creationtimestamp| type| source ---|---|--- 2025-01-14 15:18:23+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpkd7qr4v2j 2025-01-14 15:49:56+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/113827498882766447 2025-01-14 17:20:38+00:00| seen|...
CVE-2024-39784
CVE-2024-39784 is a confirmed command-injection vulnerability in Wavlink AC3000, affecting the NAS CGI (nas.cgi) add_dir() function. Talos reports the flaw resides in processing of the disk_part POST parameter (and related adddir_name in a parallel CVE-2024-39785 path), enabling arbitrary shell c...
CVE-2024-39784
Multiple command execution vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command...
Wavlink AC3000 nas.cgi add_dir() command injection vulnerabilities
Talos Vulnerability Report TALOS-2024-2058 Wavlink AC3000 nas.cgi adddir command injection vulnerabilities January 14, 2025 CVE Number CVE-2024-39784,CVE-2024-39785 SUMMARY Multiple command execution vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.210505. A...