5908 matches found
CVE-2024-34166
An os command injection vulnerability exists in the touchlistsync.cgi touchlistsync functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2024-36290
A buffer overflow vulnerability exists in the login.cgi Gotochidx functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-39367
CVE-2024-39367 affects the Wavlink AC3000 M33A8.V5030.210505 firmware, specifically the firewall.cgi iptablesWebsFilterRun() function. A specially crafted, authenticated HTTP request can trigger arbitrary command execution via the websURLFilters handling, where nvram-stored, semicolon-separated e...
CVE-2024-39756
Talos reports CVE-2024-39756 as a buffer overflow in Wavlink AC3000 adm.cgi rep_as_router() for version M33A8.V5030.210505. The overflow occurs when user-supplied data (e.g., wl_rep_ssid2g) is copied to the stack without length checks after passing an authenticated HTTP request, enabling arbitrar...
CVE-2024-39773
An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2024-39608
CVE-2024-39608 is a reported unauthenticated firmware-upload vulnerability in the Wavlink AC3000 (M33A8.V5030.210505) login.cgi. Talos details show an unauthenticated HTTP POST can flash firmware to the device, with full device compromise risk (root access via missing authentication in the firmwa...
CVE-2024-39273
A firmware update vulnerability exists in the fwcheck.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...
CVE-2024-39273
A firmware update vulnerability exists in the fwcheck.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...
CVE-2024-39799
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
CVE-2024-39799
CVE-2024-39799 (and related CVEs 39798, 39800) affect WAVLINK AC3000 M33A8.V5030.210505 via openvpn.cgi openvpn_server_setup, allowing authentication-protected HTTP POST data to inject arbitrary config into the OpenVPN server. The vulnerability chain reads POST values (sel_open_server_val, sel_op...
CVE-2024-33502
An improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execu...
CVE-2024-35275
A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests...
CVE-2023-37931
An improper neutralization of special elements used in an sql command 'sql injection' vulnerability CWE-88 in FortiVoice Entreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to perform a blind sql injection attack via sending crafted HTTP or HTTPS requests...
CVE-2024-32115
A relative path traversal vulnerability CWE-23 in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests...
CVE-2023-37931
An improper neutralization of special elements used in an sql command 'sql injection' vulnerability CWE-88 in FortiVoice Entreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to perform a blind sql injection attack via sending crafted HTTP or HTTPS requests...
CVE-2024-33502
An improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execu...
CVE-2024-33502
CVE-2024-33502 affects Fortinet FortiManager and FortiAnalyzer. Affected versions include FortiManager/ FortiAnalyzer releases (e.g., 6.x, 7.x series) where a pathname is improperly limited to restricted directories, enabling path traversal. Resulting in potential execution of unauthorized code o...
CVE-2024-46664
A relative path traversal in Fortinet FortiRecorder CWE-23 version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or HTTPs requests...
CVE-2024-35273
A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests...
CVE-2024-35273
A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests...