WAVLINK AC3000 命令注入漏洞

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a command injection vulnerability that originates from the touchlistsync.cgi touchlistsync function failing to correctly filter constructed command special characters, commands, etc. An attacker could u...

WAVLINK AC3000 安全漏洞

WAVLINK AC3000 is a wireless router from China RuiYin WAVLINK. The WAVLINK AC3000 suffers from a buffer overflow vulnerability, which originates from the touchlistsync.cgi touchlistsync function that fails to properly validate the length of the input data, which can be exploited by an attacker to...

CVE-2024-38894

WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlistsync.cgi...

CVE-2024-38894

WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlistsync.cgi...

CVE-2024-38894

CVE-2024-38894 affects WAVLINK WN551K1 routers. A command injection flaw can be triggered by the IP parameter in /cgi-bin/touchlist_sync.cgi, allowing an attacker to inject commands through that parameter. The issue is described across multiple sources (Red Hat, CNVD, NVD, CNNVD) with no explicit...

CVE-2024-38894

WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlistsync.cgi...

CVE-2022-2488

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlistsync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used...

Command injection

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlistsync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used...

CVE-2022-2488 WAVLINK WN535K2/WN535K3 touchlist_sync.cgi os command injection

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlistsync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used...

CVE-2022-2488

Summary: CVE-2022-2488 affects WAVLINK WN535K2 and WN535K3 routers. The issue is an OS command injection in the web endpoint /cgi-bin/touchlist_sync.cgi triggered by manipulating the IP parameter. Affected software: WAVLINK WN535K2/WN535K3 (router firmware). Root cause / vulnerability detail (as ...