VARIoT IoT vulnerabilities database
VAR-202501-1379 | CVE-2024-39774 | WAVLINK AC3000 adm.cgi set_sys_adm function buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: 9.1 Severity: CRITICAL |
A buffer overflow vulnerability exists in the adm.cgi set_sys_adm() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the adm.cgi set_sys_adm function failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202501-1319 | CVE-2024-39770 | WAVLINK AC3000 internet.cgi set_qos function en_enable parameter buffer overflow vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability exists in the `en_enable` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the en_enable parameter of the internet.cgi set_qos function failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202501-1318 | CVE-2024-39768 | WAVLINK AC3000 internet.cgi set_qos function cli_name parameter buffer overflow vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability exists in the `cli_name` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the cli_name parameter of the internet.cgi set_qos function failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202501-1342 | CVE-2024-39765 | WAVLINK AC3000 internet.cgi set_add_routing function custom_interface parameter command injection vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the `custom_interface` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the custom_interface parameter of the internet.cgi set_add_routing function failing to properly filter special characters and commands in the constructed command.
VAR-202501-1343 | CVE-2024-39764 | WAVLINK AC3000 internet.cgi set_add_routing function dest parameter command injection vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the `dest` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the failure of the dest parameter of the internet.cgi set_add_routing function to properly filter special characters and commands in the constructed command.
VAR-202501-1340 | CVE-2024-39763 | WAVLINK AC3000 internet.cgi set_add_routing function gateway parameter command injection vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the `gateway` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the gateway parameter of the internet.cgi set_add_routing function failing to properly filter special characters and commands in the constructed command.
VAR-202501-1341 | CVE-2024-39762 | WAVLINK AC3000 internet.cgi set_add_routing function netmask parameter command injection vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the `netmask` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the netmask parameter of the internet.cgi set_add_routing function failing to properly filter special characters and commands in the constructed command.
VAR-202501-1359 | CVE-2024-39760 | WAVLINK AC3000 login.cgi set_sys_init function restart_min_value parameter command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 10.0 Severity: CRITICAL |
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists within the `restart_min_value` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the restart_min_value parameter of the login.cgi set_sys_init function failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-1357 | CVE-2024-39759 | WAVLINK AC3000 login.cgi set_sys_init function restart_hour_value parameter command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 10.0 Severity: CRITICAL |
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists within the `restart_hour_value` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the restart_hour_value parameter of the login.cgi set_sys_init function failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-1349 | CVE-2024-39756 | WAVLINK AC3000 adm.cgi rep_as_router function buffer overflow vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
A buffer overflow vulnerability exists in the adm.cgi rep_as_router() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the adm.cgi rep_as_router function failing to properly verify the length of the input data. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202501-1299 | CVE-2024-39602 | WAVLINK AC3000 nas.cgi set_nas function command injection vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company.
There is a command injection vulnerability in the WAVLINK AC3000 M33A8.V5030.210505 version. The vulnerability is caused by the nas.cgi set_nas function failing to properly filter special characters and commands in the constructed command.
VAR-202501-1413 | CVE-2024-39370 | WAVLINK AC3000 adm.cgi set_MeshAp function command injection vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company.
There is a command injection vulnerability in the WAVLINK AC3000 M33A8.V5030.210505 version. The vulnerability is caused by the adm.cgi set_MeshAp function failing to properly filter special characters and commands in the constructed command.
VAR-202501-1300 | CVE-2024-39367 | WAVLINK AC3000 firewall.cgi iptablesWebsFilterRun function command injection vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
An OS command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the firewall.cgi iptablesWebsFilterRun function failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-1322 | CVE-2024-39358 | WAVLINK AC3000 adm.cgi set_wzap function buffer overflow vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the adm.cgi set_wzap function failing to properly verify the length of the input data. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202501-1415 | CVE-2024-39294 | WAVLINK AC3000 adm.cgi set_wzdgw4G function buffer overflow vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the adm.cgi set_wzdgw4G function failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202501-1323 | CVE-2024-39280 | WAVLINK AC3000 nas.cgi set_smb_cfg function command injection vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company.
There is a command injection vulnerability in the WAVLINK AC3000 M33A8.V5030.210505 version. The vulnerability is caused by the nas.cgi set_smb_cfg function failing to properly filter special characters and commands in the constructed command.
VAR-202501-1370 | CVE-2024-37357 | WAVLINK AC3000 adm.cgi set_TR069 function buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: 9.1 Severity: CRITICAL |
A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the adm.cgi set_TR069 function failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202501-1301 | CVE-2024-37186 | WAVLINK AC3000 adm.cgi set_ledonoff function command injection vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
An OS command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the adm.cgi set_ledonoff function failing to properly filter special characters and commands in the constructed command. An attacker can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-1373 | CVE-2024-37184 | WAVLINK AC3000 adm.cgi rep_as_bridge function buffer overflow vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the adm.cgi rep_as_bridge function failing to properly verify the length of the input data. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202501-1324 | CVE-2024-36290 | WAVLINK AC3000 login.cgi Goto_chidx function buffer overflow vulnerability |
CVSS V2: 8.3 CVSS V3: 10.0 Severity: CRITICAL |
A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the login.cgi Goto_chidx function failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.