Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-39604 |
Description: A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
CVSS: CRITICAL (9.0) EPSS Score: 0.04%
January 15th, 2025 (3 months ago)
|
|
CVE-2024-39603 |
Description: A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 15th, 2025 (3 months ago)
|
|
CVE-2024-39602 |
Description: An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 15th, 2025 (3 months ago)
|
|
CVE-2024-39370 |
Description: An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 15th, 2025 (3 months ago)
|
|
CVE-2024-39367 |
Description: An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 15th, 2025 (3 months ago)
|
|
CVE-2024-39363 |
Description: A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
CVSS: CRITICAL (9.6) EPSS Score: 0.04%
January 15th, 2025 (3 months ago)
|
|
CVE-2024-39360 |
Description: An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 15th, 2025 (3 months ago)
|
|
CVE-2024-39359 |
Description: A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 15th, 2025 (3 months ago)
|
|
CVE-2024-39358 |
Description: A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 15th, 2025 (3 months ago)
|
|
CVE-2024-39357 |
Description: A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 15th, 2025 (3 months ago)
|