Lucene search
+L

32 matches found

redhatcve
redhatcve
added 2026/01/09 8:33 a.m.6 views

CVE-2024-39280

An external config control vulnerability exists in the nas.cgi setsmbcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS7AI score0.34167EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 8:32 a.m.8 views

CVE-2024-39800

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

9.1CVSS7.4AI score0.0183EPSS
Exploits1References1
hackerone
hackerone
added 2025/11/10 3:55 p.m.16 views

curl: Arbitrary Configuration File Inclusion: via External Control of File Name or Path

Summary: The Arbitrary Configuration File Inclusion ACFI vulnerability was identified in the curl utility via the --config option. This flaw is a form of External Control of File Name or Path CWE-73, occurring due to the lack of adequate validation on the user-supplied configuration file path. An...

7.1AI score
Exploits0
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-38344

Malicious code in bioql PyPI...

9.1CVSS8.6AI score0.0183EPSS
Exploits1References1
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-38391

Malicious code in bioql PyPI...

9.1CVSS9AI score0.02272EPSS
Exploits1References1
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-38374

Malicious code in bioql PyPI...

9.1CVSS9AI score0.34167EPSS
Exploits1References1
euvd
euvd
added 2025/10/03 8:7 p.m.12 views

EUVD-2024-38383

Malicious code in bioql PyPI...

9.1CVSS8.5AI score0.01457EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/02/05 8:59 a.m.7 views

CVE-2024-38666

An external config control vulnerability exists in the openvpn.cgi openvpnclientsetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS7AI score0.18881EPSS
Exploits1
osv
osv
added 2025/01/14 3:15 p.m.6 views

CVE-2024-39798

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

7.2CVSS7.5AI score0.0183EPSS
Exploits1References2
osv
osv
added 2025/01/14 3:15 p.m.6 views

CVE-2024-39602

An external config control vulnerability exists in the nas.cgi setnas functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS7.4AI score0.02272EPSS
Exploits1References2
osv
osv
added 2025/01/14 3:15 p.m.5 views

CVE-2024-38666

An external config control vulnerability exists in the openvpn.cgi openvpnclientsetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS7.4AI score0.18881EPSS
Exploits1References2
cve
cve
added 2025/01/14 2:21 p.m.61 views

CVE-2024-39602

CVE-2024-39602 affects WAVLINK AC3000 M33A8.V5030.210505. The vulnerability is in nas.cgi set_nas(), where insufficient input handling allows an authenticated HTTP request to trigger arbitrary command execution via the set_nas flow (external config control). TALOS CVE details indicate a high-seve...

9.1CVSS7.1AI score0.02272EPSS
Exploits1References2Affected Software1
cve
cve
added 2025/01/14 2:21 p.m.55 views

CVE-2024-38666

Cisco Talos reports CVE-2024-38666 affects Wavlink AC3000 M33A8.V5030.210505, where openvpn.cgi openvpn_client_setup() accepts POST data to write into /vendor/openvpn/client/client.ovpn, enabling arbitrary command execution when vpn_type=client and ovpn_text is provided. A specially crafted authe...

9.1CVSS7.1AI score0.18881EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2025/01/14 2:21 p.m.21 views

CVE-2024-38666

An external config control vulnerability exists in the openvpn.cgi openvpnclientsetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS0.18881EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/01/14 2:21 p.m.6 views

CVE-2024-39602

An external config control vulnerability exists in the nas.cgi setnas functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS9.3AI score0.02272EPSS
Exploits1References1
cvelist
cvelist
added 2025/01/14 2:21 p.m.15 views

CVE-2024-39794

Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...

9.1CVSS0.01027EPSS
Exploits1References1
cve
cve
added 2025/01/14 2:21 p.m.46 views

CVE-2024-39795

CVE-2024-39795 affects WAVLINK AC3000 (nas.cgi set_nas() proftpd) with multiple external configuration control vulnerabilities. TALOS details unauthenticated? actually requires a valid session to trigger via HTTP and shows how FTP settings (ftp_name, ftp_port, ftp_max_sessions, ftp_adddir, etc.) ...

9.1CVSS7.2AI score0.01457EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2025/01/14 2:20 p.m.39 views

CVE-2024-39793

Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...

9.1CVSS0.01457EPSS
Exploits1References1
cvelist
cvelist
added 2025/01/14 2:20 p.m.14 views

CVE-2024-39790

Multiple external config control vulnerabilities exist in the nas.cgi setftpcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration...

9.1CVSS0.01457EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/01/14 2:20 p.m.5 views

CVE-2024-39280

An external config control vulnerability exists in the nas.cgi setsmbcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS9.3AI score0.34167EPSS
Exploits1References1
Rows per page
Query Builder