CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-39273 |
Description: A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
CVSS: CRITICAL (9.0) EPSS Score: 0.04%
January 15th, 2025 (6 months ago)
|
|
CVE-2024-38666 |
Description: An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 15th, 2025 (6 months ago)
|
|
CVE-2024-37357 |
Description: A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 15th, 2025 (6 months ago)
|
|
CVE-2024-37186 |
Description: An os command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 15th, 2025 (6 months ago)
|
|
CVE-2024-37184 |
Description: A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 15th, 2025 (6 months ago)
|
|
CVE-2024-3716 |
Description: A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the password.
EPSS Score: 0.05%
January 15th, 2025 (6 months ago)
|
|
CVE-2024-36512 |
Description: An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.
CVSS: HIGH (7.0) EPSS Score: 0.05%
January 15th, 2025 (6 months ago)
|
|
CVE-2024-36510 |
Description: An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses.
CVSS: MEDIUM (4.9) EPSS Score: 0.05%
January 15th, 2025 (6 months ago)
|
|
CVE-2024-36506 |
Description: An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection.
CVSS: LOW (3.5) EPSS Score: 0.05%
January 15th, 2025 (6 months ago)
|
|
CVE-2024-36504 |
Description: An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN web portal via a specially crafted URL.
CVSS: MEDIUM (6.2) EPSS Score: 0.04%
January 15th, 2025 (6 months ago)
|