CVE-2024-39784

Multiple command execution vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command...

CVE-2024-39787

CVE-2024-39787 involves directory traversal in Wavlink AC3000 nas.cgi add_dir() via the disk_part parameter. The root cause is lack of validation/filtering for relative paths ("../" sequences”), enabling an attacker with authenticated HTTP access to create directories with arbitrary permissions a...