cbcvebase.

Wavlink Ac3000 vulnerabilities

62 known vulnerabilities affecting wavlink/wavlink_ac3000.

Total CVEs
62
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL11HIGH49MEDIUM2

Vulnerabilities

Page 2 of 4
CVE-2024-39785P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39785 [HIGH] CWE-74 CVE-2024-39785: Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink A Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the adddir_name POST param
nvd
CVE-2024-39784P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39784 [HIGH] CWE-74 CVE-2024-39784: Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink A Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the disk_part POST paramet
nvd
CVE-2024-39762P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39762 [HIGH] CWE-77 CVE-2024-39762: Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functional Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `netma
nvd
CVE-2024-39765P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39765 [HIGH] CWE-77 CVE-2024-39765: Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functional Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `custo
nvd
CVE-2024-39763P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39763 [HIGH] CWE-77 CVE-2024-39763: Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functional Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `gatew
nvd
CVE-2024-39782P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39782 [HIGH] CWE-77 CVE-2024-39782: Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wav Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_min` POS
nvd
CVE-2024-39288P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39288 [HIGH] CWE-120 CVE-2024-39288: A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlin A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-39764P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39764 [HIGH] CWE-77 CVE-2024-39764: Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functional Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `dest`
nvd
CVE-2024-37357P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-37357 [HIGH] CWE-120 CVE-2024-37357: A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M3 A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-39603P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39603 [HIGH] CWE-121 CVE-2024-39603: A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functio A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-39273P3HIGHCVSS 8.1vM33A8.V5030.2105052025-01-14
CVE-2024-39273 [HIGH] CWE-306 CVE-2024-39273: A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8.V503 A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
nvd
CVE-2024-39357P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39357 [HIGH] CWE-121 CVE-2024-39357: A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wa A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-39757P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39757 [HIGH] CWE-121 CVE-2024-39757: A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wav A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-39359P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39359 [HIGH] CWE-121 CVE-2024-39359: A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-36493P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-36493 [HIGH] CWE-121 CVE-2024-36493: A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic() functionalit A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-39800P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39800 [HIGH] CWE-15 CVE-2024-39800: Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() fu Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists
nvd
CVE-2024-39798P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39798 [HIGH] CWE-15 CVE-2024-39798: Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() fu Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists
nvd
CVE-2024-39787P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39787 [HIGH] CWE-22 CVE-2024-39787: Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `disk_part` POST paramet
nvd
CVE-2024-39786P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39786 [HIGH] CWE-22 CVE-2024-39786: Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `adddir_name` POST param
nvd
CVE-2024-39370P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39370 [HIGH] CWE-120 CVE-2024-39370: An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlin An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
Wavlink Ac3000 vulnerabilities | cvebase