CVE-2024-39787

Multiple directory traversal vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal...

WAVLINK AC3000 nas.cgi add_dir function path traversal vulnerability in disk_part parameter

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A path traversal vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the diskpart parameter of the nas.cgi adddir function that fails to correctly filter for special elements in the resource or file...

CVE-2024-39787

Multiple directory traversal vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal...

CVE-2024-39784

Multiple command execution vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command...

WAVLINK AC3000 注入漏洞

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the diskpart parameter of the nas.cgi adddir function failing to correctly filter the constructor command special characters,...