Skip to main content
CVE-2024-39760 CRITICAL POC Act Now

Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
10.0
EPSS
1.2%
CVE-2024-39759 CRITICAL POC Act Now

Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
10.0
EPSS
1.2%
CVE-2024-39757 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-39756 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the adm.cgi rep_as_router() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-39754 CRITICAL POC Act Now

A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wl Wn533A8 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2024-39608 CRITICAL POC Act Now

A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wl Wn533A8 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2024-39604 CRITICAL POC Act Now

A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.0
EPSS
0.8%
CVE-2024-39603 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-39602 CRITICAL POC Act Now

An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-39370 CRITICAL POC Act Now

An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-39367 CRITICAL POC Act Now

An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-39363 CRITICAL POC THREAT Act Now

A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.7%.

XSS Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.6
EPSS
10.7%
CVE-2024-39360 CRITICAL POC Act Now

An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-39359 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-39358 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-39357 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-39299 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the qos.cgi qos_sta_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-39294 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-39288 CRITICAL POC THREAT Act Now

A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
14.8%
CVE-2024-39280 CRITICAL POC Act Now

An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
5.9%
CVE-2024-39273 CRITICAL POC Act Now

A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.0
EPSS
0.3%
CVE-2024-38666 CRITICAL POC Act Now

An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
5.9%
CVE-2024-37357 CRITICAL POC THREAT Act Now

A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.4%.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
14.4%
CVE-2024-37186 CRITICAL POC Act Now

An os command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
5.1%
CVE-2024-37184 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-36493 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-36295 CRITICAL POC Act Now

A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
7.9%
CVE-2024-36290 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
10.0
EPSS
1.6%
CVE-2024-36272 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-36258 CRITICAL POC THREAT Act Now

A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.5%.

RCE Stack Overflow Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
10.0
EPSS
16.5%
CVE-2024-34544 CRITICAL POC Act Now

A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-34166 CRITICAL POC THREAT Act Now

An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

RCE Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
10.0
EPSS
10.2%
CVE-2024-21797 CRITICAL POC Act Now

A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
7.9%
CVE-2024-48886 CRITICAL This Week

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Fortinet Fortianalyzer Fortianalyzer Cloud Fortimanager +3
NVD
CVSS 3.1
9.0
EPSS
0.5%
CVE-2024-47572 CRITICAL This Week

An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortisoar
NVD
CVSS 3.1
9.0
EPSS
0.5%
CVE-2024-56841 CRITICAL This Week

A vulnerability has been identified in Mendix LDAP (All versions < V1.1.2). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Authentication Bypass LDAP
NVD
CVSS 4.0
9.1
EPSS
0.1%
CVE-2025-20055 CRITICAL This Week

OS command injection vulnerability exists in network storage servers STEALTHONE D220/D340 provided by Y'S corporation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-12919 CRITICAL PATCH This Week

The Paid Membership Subscriptions - Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass WordPress Membership Content Restriction Paid Member Subscriptions
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-0070 CRITICAL This Week

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Privilege Escalation
NVD
CVSS 3.1
9.9
EPSS
0.2%
CVE-2025-0066 CRITICAL PATCH This Week

Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

SAP Information Disclosure Sap Basis
NVD
CVSS 3.1
9.9
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy