Filtered by vendor Wavlink
Subscriptions
Total
181 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39788 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | 9.1 Critical |
| Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_name` POST parameter. | ||||
| CVE-2024-39787 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | 9.1 Critical |
| Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `disk_part` POST parameter. | ||||
| CVE-2024-39786 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | 9.1 Critical |
| Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `adddir_name` POST parameter. | ||||
| CVE-2024-39785 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | 9.1 Critical |
| Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the adddir_name POST parameter. | ||||
| CVE-2024-39784 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | 9.1 Critical |
| Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the disk_part POST parameter. | ||||
| CVE-2024-39783 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | 9.1 Critical |
| Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_week` POST parameter. | ||||
| CVE-2024-39782 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | 9.1 Critical |
| Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_min` POST parameter. | ||||
| CVE-2024-39781 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | 9.1 Critical |
| Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_hour` POST parameter. | ||||
| CVE-2024-39770 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | 9.1 Critical |
| Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `en_enable` POST parameter. | ||||
| CVE-2024-39769 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | 9.1 Critical |
| Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `cli_mac` POST parameter. | ||||
| CVE-2024-39768 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | 9.1 Critical |
| Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `cli_name` POST parameter. | ||||
| CVE-2024-39765 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | 9.1 Critical |
| Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `custom_interface` POST parameter. | ||||
| CVE-2024-39764 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | 9.1 Critical |
| Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `dest` POST parameter. | ||||
| CVE-2024-39763 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | 9.1 Critical |
| Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `gateway` POST parameter. | ||||
| CVE-2024-39762 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | 9.1 Critical |
| Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `netmask` POST parameter. | ||||
| CVE-2024-39761 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | 10 Critical |
| Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `restart_week_value` POST parameter. | ||||
| CVE-2024-39760 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | 10 Critical |
| Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `restart_min_value` POST parameter. | ||||
| CVE-2024-39759 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | 10 Critical |
| Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `restart_hour_value` POST parameter. | ||||
| CVE-2025-61128 | 1 Wavlink | 3 M30hg3 V240730, Quantum D3g, Wl-wn530hg3 | 2025-10-30 | 9.1 Critical |
| Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V240730, and possibly other wavlink models allows attackers to execute arbitrary code via crafted referrer value POST to login.cgi. | ||||
| CVE-2022-35518 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2025-10-20 | 4.6 Medium |
| WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml. | ||||