cbcvebase.

Wavlink Ac3000 vulnerabilities

62 known vulnerabilities affecting wavlink/wavlink_ac3000.

Total CVEs
62
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL11HIGH49MEDIUM2

Vulnerabilities

Page 1 of 4
CVE-2024-39760P2CRITICALCVSS 9.8vM33A8.V5030.2105052025-01-14
CVE-2024-39760 [CRITICAL] CWE-77 CVE-2024-39760: Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `rest
nvd
CVE-2024-34166P2CRITICALCVSS 9.8vM33A8.V5030.2105052025-01-14
CVE-2024-34166 [CRITICAL] CWE-77 CVE-2024-34166: An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2024-39761P2CRITICALCVSS 9.8vM33A8.V5030.2105052025-01-14
CVE-2024-39761 [CRITICAL] CWE-77 CVE-2024-39761: Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `rest
nvd
CVE-2024-39759P2CRITICALCVSS 9.8vM33A8.V5030.2105052025-01-14
CVE-2024-39759 [CRITICAL] CWE-77 CVE-2024-39759: Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `rest
nvd
CVE-2024-39280P2CRITICALCVSS 9.1vM33A8.V5030.2105052025-01-14
CVE-2024-39280 [CRITICAL] CWE-15 CVE-2024-39280: An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlin An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-36258P2CRITICALCVSS 9.8vM33A8.V5030.2105052025-01-14
CVE-2024-36258 [CRITICAL] CWE-121 CVE-2024-36258: A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functio A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2024-38666P2CRITICALCVSS 9.1vM33A8.V5030.2105052025-01-14
CVE-2024-38666 [CRITICAL] CWE-15 CVE-2024-38666: An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functional An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-39608P2CRITICALCVSS 9.8vM33A8.V5030.2105052025-01-14
CVE-2024-39608 [CRITICAL] CWE-306 CVE-2024-39608: A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030. A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerability.
nvd
CVE-2024-37186P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-37186 [HIGH] CWE-77 CVE-2024-37186: An os command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of Wavlink An os command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-36295P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-36295 [HIGH] CWE-74 CVE-2024-36295: A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000 M3 A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-21797P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-21797 [HIGH] CWE-74 CVE-2024-21797: A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-39754P2CRITICALCVSS 9.8vM33A8.V5030.2105052025-01-14
CVE-2024-39754 [CRITICAL] CWE-912 CVE-2024-39754: A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505 A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. An attacker can send packets to trigger this vulnerability.
nvd
CVE-2024-36290P3CRITICALCVSS 9.8vM33A8.V5030.2105052025-01-14
CVE-2024-36290 [CRITICAL] CWE-120 CVE-2024-36290: A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-39602P3CRITICALCVSS 9.1vM33A8.V5030.2105052025-01-14
CVE-2024-39602 [CRITICAL] CWE-15 CVE-2024-39602: An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-39360P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39360 [HIGH] CWE-77 CVE-2024-39360: An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-34544P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-34544 [HIGH] CWE-74 CVE-2024-34544: A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC300 A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-39367P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39367 [HIGH] CWE-77 CVE-2024-39367: An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionali An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-39783P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39783 [HIGH] CWE-77 CVE-2024-39783: Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wav Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_week` PO
nvd
CVE-2024-39781P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39781 [HIGH] CWE-77 CVE-2024-39781: Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wav Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_hour` PO
nvd
CVE-2024-39604P3HIGHCVSS 8.1vM33A8.V5030.2105052025-01-14
CVE-2024-39604 [HIGH] CWE-74 CVE-2024-39604: A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink AC3000 A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
nvd
Wavlink Ac3000 vulnerabilities | cvebase