Lucene search
K

17 matches found

NVD
NVD
added 2026/05/04 8:16 p.m.10 views

CVE-2026-41923

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit...

9.3CVSS0.02615EPSS
Exploits0References3
CVE
CVE
added 2026/05/04 7:10 p.m.15 views

CVE-2026-41923

CVE-2026-41923 affects the WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02). The vulnerability is an OS command injection in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter....

9.3CVSS6.1AI score0.02615EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/04 7:10 p.m.7 views

CVE-2026-41923 WDR201A WiFi Extender OS Command Injection via internet.cgi

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit...

9.3CVSS6.1AI score0.02615EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/04 7:10 p.m.34 views

CVE-2026-41923 WDR201A WiFi Extender OS Command Injection via internet.cgi

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit...

9.3CVSS0.02615EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/04 7:10 p.m.8 views

EUVD-2026-27120

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit...

9.3CVSS6.1AI score0.02615EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/03/19 3:57 p.m.73 views

WAVLINK-WN530H4-Command-Injection-in-set_add_routing

WAVLINK-WN...

5.7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/03/05 12:0 a.m.7 views

The vulnerability of the set_add_routing function in the internet.cgi script of the Wavlink AC3000 (WL-WN533A8) router microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the setaddrouting function in the internet.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9.1CVSS5.9AI score0.04156EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/05 12:0 a.m.5 views

The vulnerability of the set_add_routing function in the internet.cgi script of the Wavlink AC3000 (WL-WN533A8) router microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the setaddrouting function in the internet.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9.1CVSS8.2AI score0.05212EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/01/19 12:0 a.m.7 views

The vulnerability of the set_add_routing() function in the internet.cgi script of the Wavlink AC3000 (WL-WN533A8) router microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the setaddrouting function in the internet.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the lack of data cleaning at the control level when processing the netmask parameter. Exploiting this vulnerability allows a remote attacker to...

9.1CVSS8.2AI score0.05876EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2025/01/14 3:15 p.m.6 views

CVE-2024-39765

Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...

7.2CVSS6AI score0.05212EPSS
Exploits1References2
OSV
OSV
added 2025/01/14 3:15 p.m.5 views

CVE-2024-39763

Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...

7.2CVSS6AI score0.04815EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.5 views

PT-2025-2555 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the set add routing functionality of the internet.cgi script. A specially crafted HTTP request can lead to arbitrary command execution. An...

9.1CVSS7.7AI score0.04156EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.6 views

WAVLINK AC3000 命令注入漏洞

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the failure of the gateway parameter of the internet.cgi setaddrouting function to correctly filter the construct command...

9.1CVSS7.8AI score0.04815EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.3 views

WAVLINK AC3000 命令注入漏洞

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the netmask parameter of the internet.cgi setaddrouting function failing to correctly filter constructed command special...

9.1CVSS7.8AI score0.05876EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.6 views

PT-2025-2535 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: A buffer overflow vulnerability exists in the set add routing function of internet.cgi. This issue can be triggered by a specially crafted HTTP request, leading to a stack-based buffer...

9.1CVSS7.3AI score0.13476EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.4 views

WAVLINK AC3000 命令注入漏洞

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the internet.cgi setaddrouting function's dest parameter failing to properly filter constructed command special character...

9.1CVSS7.7AI score0.04156EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/06/28 12:0 a.m.8 views

PT-2024-10143 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the set add routing functionality of the internet.cgi script. A specially crafted HTTP request can lead to arbitrary command execution. An...

9.1CVSS9.4AI score0.04815EPSS
Exploits1References8
Rows per page
Query Builder