VYPR

Vendor CVEs

Wavlink

All CVEs

216 total · sorted by risk
  • CVE-2025-25528Feb 11, 2025
    risk 0.00cvss epss 0.04

    Multiple buffer overflow vulnerabilities in Wavlink WL-WN575A3 RPT75A3.V4300, which are caused by not performing strict length checks on user-controlled data. By successfully exploiting the vulnerabilities, attackers can crash the remote devices or execute arbitrary commands…

  • CVE-2024-39761Jan 14, 2025
    risk 0.00cvss epss 0.08

    Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these…

  • CVE-2024-39760Jan 14, 2025
    risk 0.00cvss epss 0.17

    Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these…

  • CVE-2024-39759Jan 14, 2025
    risk 0.00cvss epss 0.08

    Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these…

  • CVE-2024-36290Jan 14, 2025
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

  • CVE-2024-39765Jan 14, 2025
    risk 0.00cvss epss 0.05

    Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger…

  • CVE-2024-39764Jan 14, 2025
    risk 0.00cvss epss 0.04

    Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger…

  • CVE-2024-39763Jan 14, 2025
    risk 0.00cvss epss 0.05

    Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger…

  • CVE-2024-39762Jan 14, 2025
    risk 0.00cvss epss 0.06

    Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger…

  • CVE-2024-39770Jan 14, 2025
    risk 0.00cvss epss 0.01

    Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these…

  • CVE-2024-39769Jan 14, 2025
    risk 0.00cvss epss 0.01

    Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these…

  • CVE-2024-39768Jan 14, 2025
    risk 0.00cvss epss 0.01

    Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these…

  • CVE-2024-39367Jan 14, 2025
    risk 0.00cvss epss 0.08

    An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this…

  • CVE-2024-39756Jan 14, 2025
    risk 0.00cvss epss 0.02

    A buffer overflow vulnerability exists in the adm.cgi rep_as_router() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2024-37184Jan 14, 2025
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2024-39294Jan 14, 2025
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2024-39358Jan 14, 2025
    risk 0.00cvss epss 0.02

    A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2024-39774Jan 14, 2025
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability exists in the adm.cgi set_sys_adm() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2024-39370Jan 14, 2025
    risk 0.00cvss epss 0.02

    An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this…

  • CVE-2024-37186Jan 14, 2025
    risk 0.00cvss epss 0.23

    An os command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2024-39783Jan 14, 2025
    risk 0.00cvss epss 0.04

    Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these…

  • CVE-2024-39782Jan 14, 2025
    risk 0.00cvss epss 0.04

    Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these…

  • CVE-2024-39781Jan 14, 2025
    risk 0.00cvss epss 0.04

    Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these…

  • CVE-2024-39754Jan 14, 2025
    risk 0.00cvss epss 0.01

    A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. An attacker can send packets to trigger this vulnerability.

  • CVE-2024-39773Jan 14, 2025
    risk 0.00cvss epss 0.01

    An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.

  • CVE-2024-39608Jan 14, 2025
    risk 0.00cvss epss 0.01

    A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerability.

  • CVE-2024-39273Jan 14, 2025
    risk 0.00cvss epss 0.01

    A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

  • CVE-2024-39604Jan 14, 2025
    risk 0.00cvss epss 0.02

    A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

  • CVE-2024-39357Jan 14, 2025
    risk 0.00cvss epss 0.02

    A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this…

  • CVE-2024-39359Jan 14, 2025
    risk 0.00cvss epss 0.02

    A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this…

  • CVE-2024-36493Jan 14, 2025
    risk 0.00cvss epss 0.02

    A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger…

  • CVE-2024-39603Jan 14, 2025
    risk 0.00cvss epss 0.02

    A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to…

  • CVE-2024-39757Jan 14, 2025
    risk 0.00cvss epss 0.02

    A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this…

  • CVE-2024-34544Jan 14, 2025
    risk 0.00cvss epss 0.08

    A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2024-36272Jan 14, 2025
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2024-39299Jan 14, 2025
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability exists in the qos.cgi qos_sta_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2024-39803Jan 14, 2025
    risk 0.00cvss epss 0.01

    Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these…

  • CVE-2024-39802Jan 14, 2025
    risk 0.00cvss epss 0.01

    Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these…

  • CVE-2024-39801Jan 14, 2025
    risk 0.00cvss epss 0.01

    Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these…

  • CVE-2024-39800Jan 14, 2025
    risk 0.00cvss epss 0.02

    Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to…

  • CVE-2024-39799Jan 14, 2025
    risk 0.00cvss epss 0.01

    Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to…

  • CVE-2024-39798Jan 14, 2025
    risk 0.00cvss epss 0.02

    Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to…

  • CVE-2024-38666Jan 14, 2025
    risk 0.00cvss epss 0.19

    An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger…

  • CVE-2024-39602Jan 14, 2025
    risk 0.00cvss epss 0.02

    An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2024-39795Jan 14, 2025
    risk 0.00cvss epss 0.01

    Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these…

  • CVE-2024-39794Jan 14, 2025
    risk 0.00cvss epss 0.01

    Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these…

  • CVE-2024-39793Jan 14, 2025
    risk 0.00cvss epss 0.01

    Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these…

  • CVE-2024-39360Jan 14, 2025
    risk 0.00cvss epss 0.12

    An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2024-39280Jan 14, 2025
    risk 0.00cvss epss 0.34

    An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this…

  • CVE-2024-39790Jan 14, 2025
    risk 0.00cvss epss 0.01

    Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these…