Skip to main content
CVE-2024-39783 CRITICAL POC Act Now

Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-39782 CRITICAL POC Act Now

Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-39781 CRITICAL POC Act Now

Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-39774 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the adm.cgi set_sys_adm() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-39773 MEDIUM POC This Month

An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Wl Wn533A8 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-39770 CRITICAL POC Act Now

Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-39769 CRITICAL POC Act Now

Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-39768 CRITICAL POC Act Now

Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-39765 CRITICAL POC Act Now

Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-39764 CRITICAL POC Act Now

Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-39763 CRITICAL POC Act Now

Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-39762 CRITICAL POC Act Now

Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-39761 CRITICAL POC Act Now

Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
10.0
EPSS
1.2%
CVE-2024-39760 CRITICAL POC Act Now

Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
10.0
EPSS
1.2%
CVE-2024-39759 CRITICAL POC Act Now

Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
10.0
EPSS
1.2%
CVE-2024-39757 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-39756 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the adm.cgi rep_as_router() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-39754 CRITICAL POC Act Now

A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wl Wn533A8 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2024-39608 CRITICAL POC Act Now

A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wl Wn533A8 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2024-39604 CRITICAL POC Act Now

A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.0
EPSS
0.8%
CVE-2024-39603 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-39602 CRITICAL POC Act Now

An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-39370 CRITICAL POC Act Now

An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-39367 CRITICAL POC Act Now

An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-39363 CRITICAL POC THREAT Act Now

A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.7%.

XSS Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.6
EPSS
10.7%
CVE-2024-39360 CRITICAL POC Act Now

An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-39359 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-39358 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-39357 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-39299 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the qos.cgi qos_sta_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-39294 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-39288 CRITICAL POC THREAT Act Now

A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
14.8%
CVE-2024-39280 CRITICAL POC Act Now

An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
5.9%
CVE-2024-39273 CRITICAL POC Act Now

A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.0
EPSS
0.3%
CVE-2024-38666 CRITICAL POC Act Now

An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
5.9%
CVE-2024-37357 CRITICAL POC THREAT Act Now

A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.4%.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
14.4%
CVE-2024-37186 CRITICAL POC Act Now

An os command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
5.1%
CVE-2024-37184 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-36493 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-36295 CRITICAL POC Act Now

A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
7.9%
CVE-2024-36290 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
10.0
EPSS
1.6%
CVE-2024-36272 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-36258 CRITICAL POC THREAT Act Now

A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.5%.

RCE Stack Overflow Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
10.0
EPSS
16.5%
CVE-2024-34544 CRITICAL POC Act Now

A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-34166 CRITICAL POC THREAT Act Now

An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

RCE Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
10.0
EPSS
10.2%
CVE-2024-21797 CRITICAL POC Act Now

A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
7.9%
CVE-2024-7344 HIGH POC PATCH This Week

Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Jwt Attack Neo Impact Greenguard Sysreturn +5
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-56497 MEDIUM This Month

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortinet Fortimail Fortirecorder
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-55593 LOW Monitor

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure SQLi Fortiweb
NVD
CVSS 3.1
2.7
EPSS
0.2%
CVE-2024-54021 MEDIUM This Month

An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy Fortios
NVD
CVSS 3.1
6.5
EPSS
0.1%
Prev Page 7 of 10 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy