Wavlink AC3000 internet.cgi set_add_routing() buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-2021 Wavlink AC3000 internet.cgi setaddrouting buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39288 SUMMARY A buffer overflow vulnerability exists in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A...

CVE-2024-29292

CVE-2024-29292 affects Kasda LinkSmart Router KW6512,

CVE-2024-10429

A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function setipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to...

CVE-2024-10429

A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function setipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to...

CVE-2024-10429 WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi set_ipv6 command injection

A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function setipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to...

CVE-2024-10429

The CVE-2024-10429 entry concerns WAVLINK WN530H4, WN530HG4 and WN572HG3 devices. Affected is the function set_ipv6 in the file internet.cgi, where manipulation of the IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr arguments leads to command injection. The issue enables remote execution and has b...

WAVLINK多款产品 命令注入漏洞

WAVLINK WN530HG4 and others are products of China RuiYin WAVLINK Company.WAVLINK WN530HG4 is a wireless router.WAVLINK WN530H4 is a router.WAVLINK WN572HG3 is a wireless router. A command injection vulnerability exists in several WAVLINK products. The vulnerability stems from the parameter...

PT-2024-16274 · Wavlink · Wavlink Wn572Hp3 +1

Name of the Vulnerable Software and Affected Versions: WAVLINK WN530H4 versions up to 20221028 WAVLINK WN530HG4 versions up to 20221028 WAVLINK WN572HG3 versions up to 20221028 Description: A critical vulnerability has been found, affecting the function set ipv6 of the file internet.cgi. The...

CVE-2024-10193

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function pingddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has...

CVE-2024-10193 WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi ping_ddns command injection

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function pingddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has...

CVE-2024-10193 WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi ping_ddns command injection

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function pingddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has...

CVE-2024-10193

The CVE-2024-10193 issue affects WAVLINK WN530H4, WN530HG4, and WN572HG3 up to 20221028, with a vulnerability in the ping_ddns function of internet.cgi. The DDNS parameter manipulation enables command injection, and the attack may be initiated remotely; exploits have been disclosed publicly. Conn...

PT-2024-10143 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the set add routing functionality of the internet.cgi script. A specially crafted HTTP request can lead to arbitrary command execution. An...

PT-2024-10142 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the set add routing functionality of the internet.cgi script. A specially crafted HTTP request can lead to arbitrary command execution. An...