VARIoT IoT vulnerabilities database

Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `dest` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the failure of the dest parameter of the internet.cgi set_add_routing function to properly filter special characters and commands in the constructed command

Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `gateway` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the gateway parameter of the internet.cgi set_add_routing function failing to properly filter special characters and commands in the constructed command

Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `netmask` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the netmask parameter of the internet.cgi set_add_routing function failing to properly filter special characters and commands in the constructed command

Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `restart_week_value` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. WAVLINK AC3000 has a command injection vulnerability, which stems from the fact that the restart_week_value parameter of the login.cgi set_sys_init function fails to properly filter special characters and commands in constructing commands. Attackers can exploit this vulnerability to execute arbitrary commands

Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `restart_min_value` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the restart_min_value parameter of the login.cgi set_sys_init function failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution

Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `restart_hour_value` POST parameter. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the restart_hour_value parameter of the login.cgi set_sys_init function failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution

A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. WAVLINK AC3000 has a buffer overflow vulnerability, which is caused by the wireless.cgi AddMac function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A buffer overflow vulnerability exists in the adm.cgi rep_as_router() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the adm.cgi rep_as_router function failing to properly verify the length of the input data. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. An attacker can send packets to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company

A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company

A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. Attackers can exploit this vulnerability to execute arbitrary commands

A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. WAVLINK AC3000 has a buffer overflow vulnerability, which is caused by the wireless.cgi set_wifi_basic_mesh function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. There is a command injection vulnerability in the WAVLINK AC3000 M33A8.V5030.210505 version. The vulnerability is caused by the nas.cgi set_nas function failing to properly filter special characters and commands in the constructed command

An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. There is a command injection vulnerability in the WAVLINK AC3000 M33A8.V5030.210505 version. The vulnerability is caused by the adm.cgi set_MeshAp function failing to properly filter special characters and commands in the constructed command

An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the firewall.cgi iptablesWebsFilterRun function failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution

A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. No detailed vulnerability details are currently available

An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. WAVLINK AC3000 has a command injection vulnerability, which is caused by the nas.cgi remove_dir function failing to properly filter special characters and commands in constructing commands. Attackers can exploit this vulnerability to execute arbitrary commands

A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the adm.cgi set_wzap function failing to properly verify the length of the input data. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. WAVLINK AC3000 has a buffer overflow vulnerability, which is caused by the wireless.cgi SetName function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service