AC3000
by Wavlink
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-39760 | Cri | 0.66 | 10.0 | 0.17 | Jan 14, 2025 | Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these… | ||
| CVE-2024-36258 | Cri | 0.66 | 10.0 | 0.12 | Jan 14, 2025 | A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this… | ||
| CVE-2024-34166 | Cri | 0.66 | 10.0 | 0.16 | Jan 14, 2025 | An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this… | ||
| CVE-2024-39608 | Cri | 0.65 | 10.0 | 0.01 | Jan 14, 2025 | A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerability. | ||
| CVE-2024-39280 | Cri | 0.62 | 9.1 | 0.34 | Jan 14, 2025 | An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this… | ||
| CVE-2024-38666 | Cri | 0.61 | 9.1 | 0.19 | Jan 14, 2025 | An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger… | ||
| CVE-2024-21797 | Cri | 0.61 | 9.1 | 0.21 | Jan 14, 2025 | A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||
| CVE-2024-39783 | Cri | 0.60 | 9.1 | 0.04 | Jan 14, 2025 | Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these… | ||
| CVE-2024-39781 | Cri | 0.60 | 9.1 | 0.04 | Jan 14, 2025 | Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these… | ||
| CVE-2024-39765 | Cri | 0.60 | 9.1 | 0.05 | Jan 14, 2025 | Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger… | ||
| CVE-2024-39803 | Cri | 0.59 | 9.1 | 0.01 | Jan 14, 2025 | Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these… | ||
| CVE-2024-39801 | Cri | 0.59 | 9.1 | 0.01 | Jan 14, 2025 | Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these… | ||
| CVE-2024-39794 | Cri | 0.59 | 9.1 | 0.01 | Jan 14, 2025 | Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these… | ||
| CVE-2024-39788 | Cri | 0.59 | 9.1 | 0.01 | Jan 14, 2025 | Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these… | ||
| CVE-2024-36272 | Cri | 0.59 | 9.1 | 0.01 | Jan 14, 2025 | A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. |
- risk 0.66cvss 10.0epss 0.17
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these…
- risk 0.66cvss 10.0epss 0.12
A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this…
- risk 0.66cvss 10.0epss 0.16
An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this…
- risk 0.65cvss 10.0epss 0.01
A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerability.
- risk 0.62cvss 9.1epss 0.34
An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this…
- risk 0.61cvss 9.1epss 0.19
An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger…
- risk 0.61cvss 9.1epss 0.21
A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
- risk 0.60cvss 9.1epss 0.04
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these…
- risk 0.60cvss 9.1epss 0.04
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these…
- risk 0.60cvss 9.1epss 0.05
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger…
- risk 0.59cvss 9.1epss 0.01
Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these…
- risk 0.59cvss 9.1epss 0.01
Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these…
- risk 0.59cvss 9.1epss 0.01
Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these…
- risk 0.59cvss 9.1epss 0.01
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these…
- risk 0.59cvss 9.1epss 0.01
A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.