VYPR

AC3000

by Wavlink

CVEs (15)

  • CVE-2024-39760CriJan 14, 2025
    risk 0.66cvss 10.0epss 0.17

    Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these…

  • CVE-2024-36258CriJan 14, 2025
    risk 0.66cvss 10.0epss 0.12

    A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this…

  • CVE-2024-34166CriJan 14, 2025
    risk 0.66cvss 10.0epss 0.16

    An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this…

  • CVE-2024-39608CriJan 14, 2025
    risk 0.65cvss 10.0epss 0.01

    A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerability.

  • CVE-2024-39280CriJan 14, 2025
    risk 0.62cvss 9.1epss 0.34

    An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this…

  • CVE-2024-38666CriJan 14, 2025
    risk 0.61cvss 9.1epss 0.19

    An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger…

  • CVE-2024-21797CriJan 14, 2025
    risk 0.61cvss 9.1epss 0.21

    A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2024-39783CriJan 14, 2025
    risk 0.60cvss 9.1epss 0.04

    Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these…

  • CVE-2024-39781CriJan 14, 2025
    risk 0.60cvss 9.1epss 0.04

    Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these…

  • CVE-2024-39765CriJan 14, 2025
    risk 0.60cvss 9.1epss 0.05

    Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger…

  • CVE-2024-39803CriJan 14, 2025
    risk 0.59cvss 9.1epss 0.01

    Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these…

  • CVE-2024-39801CriJan 14, 2025
    risk 0.59cvss 9.1epss 0.01

    Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these…

  • CVE-2024-39794CriJan 14, 2025
    risk 0.59cvss 9.1epss 0.01

    Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these…

  • CVE-2024-39788CriJan 14, 2025
    risk 0.59cvss 9.1epss 0.01

    Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these…

  • CVE-2024-36272CriJan 14, 2025
    risk 0.59cvss 9.1epss 0.01

    A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.