VARIoT IoT vulnerabilities database

VAR-202501-1314 CVE-2024-39789 WAVLINK AC3000 External Configuration Control Vulnerability (CNVD-2025-11444) CVSS V2: 8.3
CVSS V3: 9.1
Severity: CRITICAL
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A configuration injection vulnerability exists within the `ftp_port` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company.
VAR-202501-1315 CVE-2024-39788 WAVLINK AC3000 External Configuration Control Vulnerability (CNVD-2025-11443) CVSS V2: 8.3
CVSS V3: 9.1
Severity: CRITICAL
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A configuration injection vulnerability exists within the `ftp_name` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company.
VAR-202501-1298 CVE-2024-39787 WAVLINK AC3000 nas.cgi add_dir function disk_part parameter path traversal vulnerability CVSS V2: 8.3
CVSS V3: 9.1
Severity: CRITICAL
Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A directory traversal vulnerability exists within the `disk_part` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. WAVLINK AC3000 M33A8.V5030.210505 version has a path traversal vulnerability, which is caused by the disk_part parameter of the nas.cgi add_dir function failing to properly filter special elements in the resource or file path. Attackers can exploit this vulnerability to cause arbitrary file reading.
VAR-202501-1297 CVE-2024-39786 WAVLINK AC3000 Path Traversal Vulnerability CVSS V2: 8.3
CVSS V3: 9.1
Severity: CRITICAL
Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A directory traversal vulnerability exists within the `adddir_name` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. WAVLINK AC3000 has a path traversal vulnerability, which is caused by the fact that the adddir_name parameter of the nas.cgi add_dir function fails to properly filter special elements in the resource or file path. An attacker can exploit this vulnerability to read arbitrary files.
VAR-202501-1366 CVE-2024-39785 WAVLINK AC3000 nas.cgi add_dir function adddir_name parameter command injection vulnerability CVSS V2: 8.3
CVSS V3: 9.1
Severity: CRITICAL
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the adddir_name POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. There is a command injection vulnerability in the WAVLINK AC3000 M33A8.V5030.210505 version. The vulnerability is caused by the adddir_name parameter of the nas.cgi add_dir function failing to properly filter special characters and commands in the constructed command.
VAR-202501-1365 CVE-2024-39784 WAVLINK AC3000 nas.cgi add_dir function disk_part parameter command injection vulnerability CVSS V2: 8.3
CVSS V3: 9.1
Severity: CRITICAL
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the disk_part POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. There is a command injection vulnerability in the WAVLINK AC3000 M33A8.V5030.210505 version. The vulnerability is caused by the disk_part parameter of the nas.cgi add_dir function failing to properly filter special characters and commands in the constructed command.
VAR-202501-1337 CVE-2024-39783 WAVLINK AC3000 adm.cgi sch_reboot function restart_week parameter command injection vulnerability CVSS V2: 9.0
CVSS V3: 9.1
Severity: CRITICAL
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the `restart_week` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the restart_week parameter of the adm.cgi sch_reboot function failing to properly filter special characters and commands in the constructed command. An attacker can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-1338 CVE-2024-39782 WAVLINK AC3000 adm.cgi sch_reboot function restart_min parameter command injection vulnerability CVSS V2: 8.3
CVSS V3: 9.1
Severity: CRITICAL
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the `restart_min` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the restart_min parameter of the adm.cgi sch_reboot function failing to properly filter special characters and commands in the constructed command. An attacker can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-1379 CVE-2024-39774 WAVLINK AC3000 adm.cgi set_sys_adm function buffer overflow vulnerability CVSS V2: 9.0
CVSS V3: 9.1
Severity: CRITICAL
A buffer overflow vulnerability exists in the adm.cgi set_sys_adm() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the adm.cgi set_sys_adm function failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
VAR-202501-1367 CVE-2024-39773 WAVLINK AC3000 Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company
VAR-202501-1319 CVE-2024-39770 WAVLINK AC3000 internet.cgi set_qos function en_enable parameter buffer overflow vulnerability CVSS V2: 8.3
CVSS V3: 9.1
Severity: CRITICAL
Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability exists in the `en_enable` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the en_enable parameter of the internet.cgi set_qos function failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202501-1317 CVE-2024-39769 WAVLINK AC3000 internet.cgi set_qos function cli_mac parameter buffer overflow vulnerability CVSS V2: 8.3
CVSS V3: 9.1
Severity: CRITICAL
Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability exists in the `cli_mac` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the cli_mac parameter of the internet.cgi set_qos function failing to correctly verify the length of the input data. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202501-1318 CVE-2024-39768 WAVLINK AC3000 internet.cgi set_qos function cli_name parameter buffer overflow vulnerability CVSS V2: 8.3
CVSS V3: 9.1
Severity: CRITICAL
Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This vulnerability exists in the `cli_name` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the cli_name parameter of the internet.cgi set_qos function failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202501-1342 CVE-2024-39765 WAVLINK AC3000 internet.cgi set_add_routing function custom_interface parameter command injection vulnerability CVSS V2: 8.3
CVSS V3: 9.1
Severity: CRITICAL
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the `custom_interface` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the custom_interface parameter of the internet.cgi set_add_routing function failing to properly filter special characters and commands in the constructed command.
VAR-202501-1343 CVE-2024-39764 WAVLINK AC3000 internet.cgi set_add_routing function dest parameter command injection vulnerability CVSS V2: 8.3
CVSS V3: 9.1
Severity: CRITICAL
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the `dest` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the failure of the dest parameter of the internet.cgi set_add_routing function to properly filter special characters and commands in the constructed command.
VAR-202501-1340 CVE-2024-39763 WAVLINK AC3000 internet.cgi set_add_routing function gateway parameter command injection vulnerability CVSS V2: 8.3
CVSS V3: 9.1
Severity: CRITICAL
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the `gateway` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the gateway parameter of the internet.cgi set_add_routing function failing to properly filter special characters and commands in the constructed command.
VAR-202501-1341 CVE-2024-39762 WAVLINK AC3000 internet.cgi set_add_routing function netmask parameter command injection vulnerability CVSS V2: 8.3
CVSS V3: 9.1
Severity: CRITICAL
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists in the `netmask` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the netmask parameter of the internet.cgi set_add_routing function failing to properly filter special characters and commands in the constructed command.
VAR-202501-1358 CVE-2024-39761 WAVLINK AC3000 Command Injection Vulnerability (CNVD-2025-08325) CVSS V2: 10.0
CVSS V3: 10.0
Severity: CRITICAL
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists within the `restart_week_value` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. WAVLINK AC3000 has a command injection vulnerability, which stems from the fact that the restart_week_value parameter of the login.cgi set_sys_init function fails to properly filter special characters and commands in constructing commands. Attackers can exploit this vulnerability to execute arbitrary commands.
VAR-202501-1359 CVE-2024-39760 WAVLINK AC3000 login.cgi set_sys_init function restart_min_value parameter command injection vulnerability CVSS V2: 10.0
CVSS V3: 10.0
Severity: CRITICAL
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists within the `restart_min_value` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the restart_min_value parameter of the login.cgi set_sys_init function failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-1357 CVE-2024-39759 WAVLINK AC3000 login.cgi set_sys_init function restart_hour_value parameter command injection vulnerability CVSS V2: 10.0
CVSS V3: 10.0
Severity: CRITICAL
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities. A command injection vulnerability exists within the `restart_hour_value` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the restart_hour_value parameter of the login.cgi set_sys_init function failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution.