16587 matches found
CVE-2024-39370
An arbitrary code execution vulnerability exists in the adm.cgi setMeshAp functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-37186
An OS command injection vulnerability exists in the adm.cgi setledonoff functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-37186
CVE-2024-37186 affects Wavlink AC3000 M33A8.V5030.210505. Talos details an OS command-injection in adm.cgi set_ledonoff(): an authenticated HTTP request can trigger arbitrary command execution via the led_cmd parameter, leading to high impact. Affected version and firmware: Wavlink AC3000 M33A8.V...
CVE-2024-39781
Multiple OS command injection vulnerabilities exist in the adm.cgi schreboot functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command...
CVE-2024-39782
Summary: CVE-2024-39782 (Wavlink AC3000 M33A8.V5030.210505) is a command-injection vulnerability in the adm.cgi sch_reboot() function, triggered via the restart_min parameter in an authenticated HTTP request. The underlying defect allows crafting input that forms a crontab-like entry stored in NV...
CVE-2024-39783
Multiple OS command injection vulnerabilities exist in the adm.cgi schreboot functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command...
CVE-2024-39781
CVE-2024-39781 affects Wavlink AC3000 M33A8.V5030.210505; the adm.cgi sch_reboot() function is vulnerable to OS command injection via restart_hour, restart_min, or restart_week parameters. The exploit can place a crafted cron entry into SCH_Reboot that writes to the device’s crontab (adm2860 user...
CVE-2024-39782
Multiple OS command injection vulnerabilities exist in the adm.cgi schreboot functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command...
CVE-2024-39773
An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2024-39773
CVE-2024-39773 affects Wavlink AC3000 (M33A8.V5030.210505). The issue resides in testsave.sh, which can disclose sensitive information via HTTP requests by dumping /var/log/messages due to how the lighttpd CGI/SH files are callable. CVSSv3.1 score is 5.3 (NETWORK, LOW attack complexity, no privil...
CVE-2024-39273
CVE-2024-39273 affects the Wavlink AC3000 router (M33A8.V5030.210505). Talos reports a firmware-update vulnerability in the fw_check.sh script used to fetch updates from two HTTP URLs. The vulnerability arises from lack of authentication and the ability to fetch and validate firmware metadata ove...
CVE-2024-39608
A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerability...
CVE-2024-39604
A command execution vulnerability exists in the updatefilterurl.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...
CVE-2024-39357
A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...