Wavlink CVEs and Security Vulnerabilities

Filtered by vendor Wavlink Subscriptions

Search

Switch to Advanced Search (Beta)

Total 158 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-39773	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	5.3 Medium
An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2024-39774	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
A buffer overflow vulnerability exists in the adm.cgi set_sys_adm() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39781	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_hour` POST parameter.
CVE-2024-39782	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_min` POST parameter.
CVE-2024-39783	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_week` POST parameter.
CVE-2024-39784	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the disk_part POST parameter.
CVE-2024-39785	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the adddir_name POST parameter.
CVE-2024-39786	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `adddir_name` POST parameter.
CVE-2024-39787	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `disk_part` POST parameter.
CVE-2024-39788	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_name` POST parameter.
CVE-2024-39789	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_port` POST parameter.
CVE-2024-39790	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_max_sessions` POST parameter.
CVE-2024-39793	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_name` POST parameter.
CVE-2024-39794	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_port` POST parameter.
CVE-2024-39795	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_max_sessions` POST parameter.
CVE-2024-39756	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-21	9.1 Critical
A buffer overflow vulnerability exists in the adm.cgi rep_as_router() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39757	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-21	9.1 Critical
A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39798	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-21	9.1 Critical
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_protocol` POST parameter.
CVE-2024-39799	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-21	9.1 Critical
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_interface` POST parameter.
CVE-2024-39800	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-21	9.1 Critical
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `open_port` POST parameter.

« first previous Page 2 of 8. next last »