cbcvebase.

Wavlink Ac3000 vulnerabilities

62 known vulnerabilities affecting wavlink/wavlink_ac3000.

Total CVEs
62
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL11HIGH49MEDIUM2

Vulnerabilities

Page 3 of 4
CVE-2024-39799P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39799 [HIGH] CWE-15 CVE-2024-39799: Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() fu Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists
nvd
CVE-2024-39358P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39358 [HIGH] CWE-120 CVE-2024-39358: A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000 M33 A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-39756P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39756 [HIGH] CWE-120 CVE-2024-39756: A buffer overflow vulnerability exists in the adm.cgi rep_as_router() functionality of Wavlink AC300 A buffer overflow vulnerability exists in the adm.cgi rep_as_router() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-39788P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39788 [HIGH] CWE-15 CVE-2024-39788: Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_name` P
nvd
CVE-2024-39790P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39790 [HIGH] CWE-15 CVE-2024-39790: Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_max_ses
nvd
CVE-2024-39793P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39793 [HIGH] CWE-15 CVE-2024-39793: Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionalit Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_name` P
nvd
CVE-2024-39795P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39795 [HIGH] CWE-15 CVE-2024-39795: Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionalit Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_max_ses
nvd
CVE-2024-39801P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39801 [HIGH] CWE-120 CVE-2024-39801: Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlin Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `qos_bandwidth` POST
nvd
CVE-2024-39768P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39768 [HIGH] CWE-120 CVE-2024-39768: Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlin Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `cli_name` POST parameter.
nvd
CVE-2024-39803P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39803 [HIGH] CWE-120 CVE-2024-39803: Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlin Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `sel_mode` POST para
nvd
CVE-2024-39770P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39770 [HIGH] CWE-120 CVE-2024-39770: Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlin Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `en_enable` POST parameter.
nvd
CVE-2024-39802P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39802 [HIGH] CWE-120 CVE-2024-39802: Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlin Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `qos_dat` POST param
nvd
CVE-2024-39769P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39769 [HIGH] CWE-120 CVE-2024-39769: Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlin Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `cli_mac` POST parameter.
nvd
CVE-2024-39363P3MEDIUMCVSS 6.1vM33A8.V5030.2105052025-01-14
CVE-2024-39363 [MEDIUM] CWE-80 CVE-2024-39363: A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functional A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-39794P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39794 [HIGH] CWE-15 CVE-2024-39794: Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionalit Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_port` P
nvd
CVE-2024-39789P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39789 [HIGH] CWE-15 CVE-2024-39789: Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_port` P
nvd
CVE-2024-39299P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39299 [HIGH] CWE-120 CVE-2024-39299: A buffer overflow vulnerability exists in the qos.cgi qos_sta_settings() functionality of Wavlink AC A buffer overflow vulnerability exists in the qos.cgi qos_sta_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-39294P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-39294 [HIGH] CWE-120 CVE-2024-39294: A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() functionality of Wavlink AC3000 A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-36272P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-36272 [HIGH] CWE-120 CVE-2024-36272: A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink AC3000 M A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2024-37184P3HIGHCVSS 7.2vM33A8.V5030.2105052025-01-14
CVE-2024-37184 [HIGH] CWE-120 CVE-2024-37184: A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge() functionality of Wavlink AC300 A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
Wavlink Ac3000 vulnerabilities | cvebase