16587 matches found
CVE-2024-39604
A command execution vulnerability exists in the updatefilterurl.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...
CVE-2024-39359
A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-36493
A stack-based buffer overflow vulnerability exists in the wireless.cgi setwifibasic functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-36493
A stack-based buffer overflow vulnerability exists in the wireless.cgi setwifibasic functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39359
A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39603
A stack-based buffer overflow vulnerability exists in the wireless.cgi setwifibasicmesh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39603
CVE-2024-39603 affects Wavlink AC3000 M33A8.V5030.210505; the flaw is a stack-based buffer overflow in wireless.cgi set_wifi_basic_mesh(), triggered via a crafted POST to the basicMesh path. The vulnerability copies an unbounded SSID2G parameter to the heap, then to the stack with sprintf, allowi...
CVE-2024-39603
A stack-based buffer overflow vulnerability exists in the wireless.cgi setwifibasicmesh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39757
CVE-2024-39757 affects the Wavlink AC3000 (M33A8.V5030.210505). TALOS documents a stack-based buffer overflow in wireless.cgi AddMac() triggered by an unauthenticated? Actually, authenticated HTTP request to AddMac via page=AddMac allows an attacker to pass an oversized addMac value that is copie...
CVE-2024-39757
A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39757
A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-34544
A command injection vulnerability exists in the wireless.cgi AddMac functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-34544
A command injection vulnerability exists in the wireless.cgi AddMac functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-36258
A stack-based buffer overflow vulnerability exists in the touchlistsync.cgi touchlistsync functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2024-36272
A buffer overflow vulnerability exists in the usbip.cgi setinfo functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-36258
A stack-based buffer overflow vulnerability exists in the touchlistsync.cgi touchlistsync functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2024-39299
A buffer overflow vulnerability exists in the qos.cgi qosstasettings functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39299
A buffer overflow vulnerability exists in the qos.cgi qosstasettings functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39299
The CVE-2024-39299 entry concerns a buffer overflow in Wavlink AC3000 (M33A8.V5030.210505) within qos.cgi qos_sta_settings(). Talos reports that POST data fields cli_list and cli_num are copied to a fixed-size buffer without length checks, enabling a stack-based overflow and potential arbitrary c...
CVE-2024-36295
CVE-2024-36295 : Talos reports a high-severity (CVSSv3 9.1) command injection in the Wavlink AC3000 (M33A8) web UI, via the qos.cgi qos_sta() path. An authenticated HTTP POST to qos_sta can cause arbitrary commands to be written/executed through the handling of POST fields, by persisting data to ...