The vulnerability of the set_sys_init() function in the login.cgi script of the Wavlink AC3000 router microprogramming system (WL-WN533A8) allows a hacker to execute arbitrary commands.

The vulnerability of the setsysinit function in the login.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the lack of data cleaning measures at the control level when processing the restartminvalue parameter. Exploiting this vulnerability allows a remote...

PT-2024-10141 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the login.cgi set sys init functionality. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an...