CVE-2024-39783

Multiple OS command injection vulnerabilities exist in the adm.cgi schreboot functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command...

CVE-2024-39769

Multiple buffer overflow vulnerabilities exist in the internet.cgi setqos functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This...

CVE-2024-39765

Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...

CVE-2024-39288

A buffer overflow vulnerability exists in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-39787

Multiple directory traversal vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal...

CVE-2024-39761

Multiple OS command injection vulnerabilities exist in the login.cgi setsysinit functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A comman...

CVE-2024-39789

Multiple external config control vulnerabilities exist in the nas.cgi setftpcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration...

CVE-2024-39602

An external config control vulnerability exists in the nas.cgi setnas functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-39608

A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerability...

CVE-2024-39800

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

CVE-2024-39790

Multiple external config control vulnerabilities exist in the nas.cgi setftpcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration...

CVE-2025-67278

An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request...

CVE-2026-0731

A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-0731 TOTOLINK WA1200 HTTP Request cstecgi.cgi null pointer dereference

A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-0731 TOTOLINK WA1200 HTTP Request cstecgi.cgi null pointer dereference

A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been...

PT-2026-1981

Name of the Vulnerable Software and Affected Versions TOTOLINK WA1200 version 5.9c.2914 Description A flaw exists in the HTTP Request Handler component of TOTOLINK WA1200 version 5.9c.2914. Specifically, the issue resides in an unknown function within the cstecgi.cgi file. This manipulation resul...

CRLF Injection

io.netty, netty-codec-http is vulnerable to CRLF Injection. The vulnerability is due to improper sanitization of the request URI in HttpRequestEncoder, which allows an attacker to inject CRLF sequences and smuggle malicious HTTP requests...

CVE-1999-0378

InterScan VirusWall for Solaris doesn't scan files for viruses when a single HTTP request includes two GET commands...

CVE-1999-0448

IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request...

CVE-2019-7404

An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100$today'sdate.log for reading a filename such as gapm7100190101.log...