Wavlink AC3000 nas.cgi set_nas() proftpd Configuration Control Vulnerabilities

🗓️ 14 Jan 2025 00:00:00Reported by Talos IntelligenceType

talos

talos🔗 www.talosintelligence.com👁 28 Views

Wavlink AC3000 vulnerabilities allow permission bypass via crafted HTTP requests on proftpd config.

Reporter	Title	Published	Views	Family All 33
BDU FSTEC	The vulnerability of the set_ftp_cfg() function in the nas.cgi script of the Wavlink AC3000 router’s microprogramming system allows a hacker to circumvent existing security restrictions.	5 Mar 202500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the set_ftp_cfg() function in the nas.cgi script of the Wavlink AC3000 router’s microprogramming system allows a hacker to circumvent existing security restrictions.	5 Mar 202500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the set_ftp_cfg() function in the nas.cgi script of the Wavlink AC3000 router’s microprogramming system allows a hacker to circumvent existing security restrictions.	5 Mar 202500:00	–	bdu_fstec
Circl	CVE-2024-39793	14 Jan 202515:18	–	circl
Circl	CVE-2024-39794	14 Jan 202515:18	–	circl
Circl	CVE-2024-39795	14 Jan 202515:18	–	circl
CNNVD	WAVLINK AC3000 安全漏洞	14 Jan 202500:00	–	cnnvd
CNNVD	WAVLINK AC3000 安全漏洞	14 Jan 202500:00	–	cnnvd
CNNVD	WAVLINK AC3000 安全漏洞	14 Jan 202500:00	–	cnnvd
CNVD	WAVLINK AC3000 External Configuration Control Vulnerability	17 Jan 202500:00	–	cnvd

14 Jan 2025 00:00Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.17.2 - 9.1

EPSS0.00064

SSVC

wavlink ac3000 vulnerabilities proftpd configuration permission bypass http requests cve-2024-39794