33 matches found
CVE-2024-39603
A stack-based buffer overflow vulnerability exists in the wireless.cgi setwifibasicmesh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39782
Multiple OS command injection vulnerabilities exist in the adm.cgi schreboot functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command...
CVE-2024-39803
Multiple buffer overflow vulnerabilities exist in the qos.cgi qossettings functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer...
CVE-2024-39604
A command execution vulnerability exists in the updatefilterurl.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...
CVE-2024-39608
A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerability...
CVE-2024-39358
A buffer overflow vulnerability exists in the adm.cgi setwzap functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39774
CVE-2024-39774 is a buffer overflow in Wavlink AC3000's adm.cgi set_sys_adm() function (M33A8.V5030.210505). An authenticated HTTP request can trigger a stack-based overflow, potentially enabling code execution or impact to privacy, integrity, and availability per TALOS findings (CVSSv3 9.1/CRITI...
CVE-2024-39357
A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-39299
The CVE-2024-39299 entry concerns a buffer overflow in Wavlink AC3000 (M33A8.V5030.210505) within qos.cgi qos_sta_settings(). Talos reports that POST data fields cli_list and cli_num are copied to a fixed-size buffer without length checks, enabling a stack-based overflow and potential arbitrary c...
PT-2025-2416 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: A system os command injection vulnerability exists in the touchlistsync function of touchlist sync.cgi. This issue can be triggered by a specially crafted set of HTTP requests, potentiall...
WAVLINK AC3000 注入漏洞
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the failure of the adm.cgi setTR069 function to correctly filter constructed command special characters, commands, etc. The...
PT-2025-2445 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: A buffer overflow issue exists in the set info functionality of usbip.cgi. This can be triggered by a specially crafted HTTP request, leading to a stack-based buffer overflow. An attacker...
PT-2025-2452 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505 Description: A stack-based buffer overflow vulnerability exists in the set wifi basic function within the wireless.cgi component. A specially crafted HTTP request can lead to arbitrary command execution. An...
WAVLINK AC3000 命令注入漏洞
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the failure of the adm.cgi setledonoff function to correctly filter constructed command special characters, commands, etc. The...
PT-2025-2444 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: A stack-based buffer overflow issue exists in the touchlistsync functionality of touchlist sync.cgi. This can be triggered by a specially crafted HTTP request, potentially leading to...
WAVLINK AC3000 命令注入漏洞
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the failure of the gateway parameter of the internet.cgi setaddrouting function to correctly filter the construct command...
WAVLINK AC3000 命令注入漏洞
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the inclusion of multiple operating system command injections...
PT-2025-2561 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: A buffer overflow vulnerability exists in the set sys adm function of adm.cgi. This issue can be triggered by a specially crafted HTTP request, leading to a stack-based buffer overflow. A...
PT-2025-2543 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: A command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun functionality. This allows an attacker to execute arbitrary code by making a specially crafted HTTP...
PT-2025-2532 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: A firmware update issue exists in the fw check.sh functionality. This allows an attacker to perform a man-in-the-middle attack using a specially crafted HTTP request, potentially leading ...