The vulnerability of the set_ftp_cfg() function in the nas.cgi script of the Wavlink AC3000 router’s microprogramming system allows a hacker to circumvent existing security restrictions.

The vulnerability of the setftpcfg function in the nas.cgi script of the Wavlink AC3000 WL-WN533A8 router’s microprogramming system is related to errors in system configuration or settings. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions by sending...

The vulnerability of the add_dir() function in the nas.cgi script of the Wavlink AC3000 router’s microprogramming system allows a hacker to circumvent existing security restrictions.

The vulnerability of the adddir function in the nas.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to bypass existing security...

WAVLINK AC3000 nas.cgi add_dir function's adddir_name parameter command injection vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the failure of the adddirname parameter of the nas.cgi adddir function to correctly filter construct command special character...

CVE-2024-39793

Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...

CVE-2024-39790

Multiple external config control vulnerabilities exist in the nas.cgi setftpcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration...

CVE-2024-39789

Multiple external config control vulnerabilities exist in the nas.cgi setftpcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration...

CVE-2024-39795

Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...

CVE-2024-39788

Multiple external config control vulnerabilities exist in the nas.cgi setftpcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration...

CVE-2024-39794

Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...

CVE-2024-39787

Multiple directory traversal vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal...

CVE-2024-39784

Multiple command execution vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command...

CVE-2024-39786

Multiple directory traversal vulnerabilities exist in the nas.cgi adddir functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal...

CVE-2024-39360

An os command injection vulnerability exists in the nas.cgi removedir functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-39280

An external config control vulnerability exists in the nas.cgi setsmbcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

WAVLINK AC3000 安全漏洞

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the nas.cgi setnas function failing to correctly filter constructed command special characters, commands, and so on. An attack...

WAVLINK AC3000 命令注入漏洞

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a command injection vulnerability that stems from the nas.cgi removedir function failing to properly filter constructor command special characters, commands, etc. The vulnerability can be exploited to...

WAVLINK AC3000 路径遍历漏洞

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a path traversal vulnerability, which stems from the failure of the adddirname parameter of the nas.cgi adddir function to correctly filter special elements in the path of a resource or file. An attacke...

PT-2025-2573 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: Multiple external config control vulnerabilities exist in the nas.cgi set nas proftpd functionality. A specially crafted HTTP request can lead to permission bypass. An attacker can make a...

PT-2025-2572 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: Multiple external config control vulnerabilities exist in the nas.cgi set nas proftpd functionality. A specially crafted HTTP request can lead to permission bypass. An attacker can make a...

PT-2025-2546 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: A vulnerability exists in the set nas function of nas.cgi, allowing for external configuration control. This can be exploited through a specially crafted HTTP request, potentially leading...