CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-39789 |
Description: Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_port` POST parameter.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
January 15th, 2025 (5 months ago)
|
|
CVE-2024-39788 |
Description: Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_name` POST parameter.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
January 15th, 2025 (5 months ago)
|
|
CVE-2024-39787 |
Description: Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `disk_part` POST parameter.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
January 15th, 2025 (5 months ago)
|
|
CVE-2024-39786 |
Description: Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `adddir_name` POST parameter.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
January 15th, 2025 (5 months ago)
|
|
CVE-2024-39785 |
Description: Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the adddir_name POST parameter.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
January 15th, 2025 (5 months ago)
|
|
CVE-2024-39784 |
Description: Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the disk_part POST parameter.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
January 15th, 2025 (5 months ago)
|
|
CVE-2024-39783 |
Description: Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_week` POST parameter.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
January 15th, 2025 (5 months ago)
|
|
CVE-2024-39782 |
Description: Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_min` POST parameter.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
January 15th, 2025 (5 months ago)
|
|
CVE-2024-39781 |
Description: Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_hour` POST parameter.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
January 15th, 2025 (5 months ago)
|
|
CVE-2024-39774 |
Description: A buffer overflow vulnerability exists in the adm.cgi set_sys_adm() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 15th, 2025 (5 months ago)
|