16587 matches found
CVE-2024-38666
An external config control vulnerability exists in the openvpn.cgi openvpnclientsetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39794
Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-39795
Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-39794
Wavlink AC3000 (M33A8.V5030.210505) is affected by multiple external config control vulnerabilities in the nas.cgi set_nas() proftpd functionality. The issues allow configuration injection via ftp_port and related FTP settings (ftp_name, ftp_port, ftp_max_sessions, etc.) and can enable permission...
CVE-2024-39795
Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-39794
Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-39793
Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-39360
CVE-2024-39360 is a confirmed command-injection in the Wavlink AC3000 NAS CGI’s remove_dir() routine (nas.cgi). Talos details show the vulnerability affects the Wavlink AC3000 M33A8.V5030.210505 and enables arbitrary code execution via a crafted HTTP POST to dir_path when page=rmdir is passed; in...
CVE-2024-39793
Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-39793
CVE-2024-39793 affects the Wavlink AC3000 (M33A8.V5030.210505) nas.cgi set_nas() proftpd functionality. An authenticated HTTP request can inject configuration data via ftp_name (and related ftp_* fields), writing to nvram and ultimately generating a proftpd.conf through storage.sh ftp → proftpd.s...
CVE-2024-39280
An external config control vulnerability exists in the nas.cgi setsmbcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39790
Multiple external config control vulnerabilities exist in the nas.cgi setftpcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration...
CVE-2024-39280
Wavlink AC3000 (M33A8.V5030.210505) has a configuration-control flaw in nas.cgi set_smb_cfg() that allows authenticated HTTP requests to trigger arbitrary command execution via improper handling when writing Samba config (nvram) and invoking samba.sh. Talos details show the vulnerability affects ...
CVE-2024-39280
An external config control vulnerability exists in the nas.cgi setsmbcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39788
Multiple external config control vulnerabilities exist in the nas.cgi setftpcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration...
CVE-2024-39786
The provided connected docs confirm CVE-2024-39786 affects Wavlink AC3000 NAS via nas.cgi add_dir(), specifically the adddir_name parameter. TALOS details show a directory traversal vulnerability allowing an attacker to supply a crafted adddir_name (e.g., using multiple ../ sequences) to manipula...
CVE-2024-39787
Multiple directory traversal vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal...
CVE-2024-39786
Multiple directory traversal vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal...
CVE-2024-39788
Multiple external config control vulnerabilities exist in the nas.cgi setftpcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration...
CVE-2024-39787
CVE-2024-39787 involves directory traversal in Wavlink AC3000 nas.cgi add_dir() via the disk_part parameter. The root cause is lack of validation/filtering for relative paths ("../" sequences”), enabling an attacker with authenticated HTTP access to create directories with arbitrary permissions a...