16587 matches found
CVE-2024-37186
An os command injection vulnerability exists in the adm.cgi setledonoff functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-37184
A buffer overflow vulnerability exists in the adm.cgi repasbridge functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-38666
An external config control vulnerability exists in the openvpn.cgi openvpnclientsetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-36272
A buffer overflow vulnerability exists in the usbip.cgi setinfo functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-36258
A stack-based buffer overflow vulnerability exists in the touchlistsync.cgi touchlistsync functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2024-36295
A command execution vulnerability exists in the qos.cgi qossta functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-36493
A stack-based buffer overflow vulnerability exists in the wireless.cgi setwifibasic functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-34544
A command injection vulnerability exists in the wireless.cgi AddMac functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-21797
A command execution vulnerability exists in the adm.cgi setTR069 functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39363
A cross-site scripting xss vulnerability exists in the login.cgi setlangCountryCode functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this...
CVE-2024-39363
Mode C: TALOS identifies CVE-2024-39363 as a persistent XSS in Wavlink AC3000 login.cgi set_lang_CountryCode(), affecting version M33A8.V5030.210505. An unauthenticated HTTP request can trigger a stored XSS, enabling information disclosure and potential session/cookie exposure, with risk to admin...
CVE-2024-39759
Multiple OS command injection vulnerabilities exist in the login.cgi setsysinit functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A comman...
CVE-2024-39761
Multiple OS command injection vulnerabilities exist in the login.cgi setsysinit functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A comman...
CVE-2024-39761
CVE-2024-39761 affects the Wavlink AC3000 (M33A8.V5030.210505). Talos and Red Hat/CNVD reports describe unauthenticated command-injection flaws in login.cgi set_sys_init(), specifically via restart_hour_value, restart_min_value, and restart_week_value parameters that can inject cron entries (SCH_...
CVE-2024-39759
CVE-2024-39759 affects the Wavlink AC3000 M33A8.V5030.210505 router, where multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() function. The root cause is improper handling of input in the restart_hour_value (and related) POST parameters, which can be invoked by un...
CVE-2024-39761
Multiple OS command injection vulnerabilities exist in the login.cgi setsysinit functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A comman...
CVE-2024-39764
Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-36290
A buffer overflow vulnerability exists in the login.cgi Gotochidx functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-39765
Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-39763
CVE-2024-39763 affects Wavlink AC3000 M33A8.V5030.210505. Talos details multiple OS command-injection vulnerabilities in the internet.cgi set_add_routing() function, exploitable via authenticated HTTP requests. The gateway, netmask, dest, interface, custom_interface, and related POST parameters c...