16587 matches found
CVE-2024-39764
CVE-2024-39764 and related entries describe multiple OS command-injection flaws in Wavlink AC3000 M33A8.V5030.210505. The vulnerability surface centers on the internet.cgi set_add_routing() function, with the dest POST parameter (and other inputs such as netmask, gateway, interface, custom_interf...
CVE-2024-39763
Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-36290
CVE-2024-36290 affects the Wavlink AC3000 model M33A8.V5030.210505. Talos details a buffer overflow in the login.cgi Goto_chidx() function, triggered by unauthenticated HTTP requests, leading to a stack-based overflow and potential code execution on the device. The vulnerability is rated critical...
CVE-2024-39763
Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-39765
CVE-2024-39765 affects Wavlink AC3000 (M33A8.V5030.210505). Talos-reported vulnerabilities in internet.cgi set_add_routing() allow OS command injection via the custom_interface POST parameter, potentially enabling arbitrary command execution after authentication. The exploit path involves constru...
CVE-2024-39764
Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-39765
Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-39288
A buffer overflow vulnerability exists in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39762
Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-39762
Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-39762
CVE-2024-39762 affects the Wavlink AC3000 (M33A8.V5030.210505). The vulnerability resides in the internet.cgi set_add_routing() function, specifically the netmask parameter, where input is fed into a shell command via popen without input filtering, allowing OS command injection after an authentic...
CVE-2024-39288
CVE-2024-39288 has concrete details in the TALOS advisory: a buffer overflow in the Wavlink AC3000 router’s internet.cgi set_add_routing() function (M33A8.V5030.210505). An authenticated HTTP request can craft input that overflows a stack buffer, allowing arbitrary code execution or a crash. Affe...
CVE-2024-39768
Multiple buffer overflow vulnerabilities exist in the internet.cgi setqos functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This...
CVE-2024-39769
Multiple buffer overflow vulnerabilities exist in the internet.cgi setqos functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This...
CVE-2024-39770
CVE-2024-39770 affects Wavlink AC3000 M33A8.V5030.210505: a set_qos() vulnerability in internet.cgi allows buffer overflow via the en_enable POST parameter. TALOS shows a stack-based overflow targeting a 0x400 buffer when concatenating POST fields (cli_name, cli_mac, en_enable), enabling potentia...
CVE-2024-39770
Multiple buffer overflow vulnerabilities exist in the internet.cgi setqos functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This...
CVE-2024-39769
Multiple buffer overflow vulnerabilities exist in the internet.cgi setqos functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This...
CVE-2024-39768
Multiple buffer overflow vulnerabilities exist in the internet.cgi setqos functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This...
CVE-2024-39769
CVE-2024-39769 affects Wavlink AC3000, specifically the internet.cgi set_qos() function. The vulnerability is a stack-based buffer overflow in the cli_mac POST parameter (and related cli_name/en_enable issues described in the TALOS report), exploitable via authenticated HTTP requests. Impact stat...
CVE-2024-39770
Multiple buffer overflow vulnerabilities exist in the internet.cgi setqos functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This...