VYPR

AC3000

by Wavlink

CVEs (58)

  • CVE-2024-39801Jan 14, 2025
    Wavlink
    AC3000
    risk 0.00cvss epss 0.00

    Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `qos_bandwidth` POST parameter.

  • CVE-2024-39800Jan 14, 2025
    Wavlink
    AC3000
    risk 0.00cvss epss 0.00

    Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `open_port` POST parameter.

  • CVE-2024-39799Jan 14, 2025
    Wavlink
    AC3000
    risk 0.00cvss epss 0.00

    Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_interface` POST parameter.

  • CVE-2024-39798Jan 14, 2025
    Wavlink
    AC3000
    risk 0.00cvss epss 0.00

    Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_protocol` POST parameter.

  • CVE-2024-38666Jan 14, 2025
    Wavlink
    AC3000
    risk 0.00cvss epss 0.06

    An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2024-39602Jan 14, 2025
    Wavlink
    AC3000
    risk 0.00cvss epss 0.00

    An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2024-39795Jan 14, 2025
    Wavlink
    AC3000
    risk 0.00cvss epss 0.00

    Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_max_sessions` POST parameter.

  • CVE-2024-39794Jan 14, 2025
    Wavlink
    AC3000
    risk 0.00cvss epss 0.00

    Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_port` POST parameter.

  • CVE-2024-39793Jan 14, 2025
    Wavlink
    AC3000
    risk 0.00cvss epss 0.00

    Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_name` POST parameter.

  • CVE-2024-39360Jan 14, 2025
    Wavlink
    AC3000
    risk 0.00cvss epss 0.00

    An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2024-39280Jan 14, 2025
    Wavlink
    AC3000
    risk 0.00cvss epss 0.06

    An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2024-39790Jan 14, 2025
    Wavlink
    AC3000
    risk 0.00cvss epss 0.00

    Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_max_sessions` POST parameter.

  • CVE-2024-39789Jan 14, 2025
    Wavlink
    AC3000
    risk 0.00cvss epss 0.00

    Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_port` POST parameter.

  • CVE-2024-39788Jan 14, 2025
    Wavlink
    AC3000
    risk 0.00cvss epss 0.00

    Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_name` POST parameter.

  • CVE-2024-39787Jan 14, 2025
    Wavlink
    AC3000
    risk 0.00cvss epss 0.00

    Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `disk_part` POST parameter.

  • CVE-2024-39786Jan 14, 2025
    Wavlink
    AC3000
    risk 0.00cvss epss 0.00

    Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `adddir_name` POST parameter.

  • CVE-2024-39785Jan 14, 2025
    Wavlink
    AC3000
    risk 0.00cvss epss 0.00

    Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the adddir_name POST parameter.

  • CVE-2024-39784Jan 14, 2025
    Wavlink
    AC3000
    risk 0.00cvss epss 0.00

    Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the disk_part POST parameter.

Page 3 of 3