VARIoT IoT vulnerabilities database
| VAR-202501-1360 | CVE-2024-39299 | WAVLINK AC3000 Buffer Overflow Vulnerability (CNVD-2025-08331) |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
A buffer overflow vulnerability exists in the qos.cgi qos_sta_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202501-1415 | CVE-2024-39294 | WAVLINK AC3000 adm.cgi set_wzdgw4G function buffer overflow vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the adm.cgi set_wzdgw4G function failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
| VAR-202501-1369 | CVE-2024-39288 | WAVLINK AC3000 internet.cgi set_add_routing function buffer overflow vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the internet.cgi set_add_routing function failing to properly verify the length of the input data. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
| VAR-202501-1323 | CVE-2024-39280 | WAVLINK AC3000 nas.cgi set_smb_cfg function command injection vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company.
There is a command injection vulnerability in the WAVLINK AC3000 M33A8.V5030.210505 version. The vulnerability is caused by the nas.cgi set_smb_cfg function failing to properly filter special characters and commands in the constructed command
| VAR-202501-1383 | CVE-2024-39273 | WAVLINK AC3000 Access Control Error Vulnerability |
CVSS V2: 7.6 CVSS V3: 9.0 Severity: CRITICAL |
A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. No detailed vulnerability details are currently available
| VAR-202501-1435 | CVE-2024-38666 | WAVLINK AC3000 External Configuration Control Vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company.
WAVLINK AC3000 has an external configuration control vulnerability, which stems from the fact that the openvpn.cgi openvpn_client_setup function fails to properly filter special characters and commands in constructing commands. Attackers can exploit this vulnerability to execute arbitrary commands
| VAR-202501-1370 | CVE-2024-37357 | WAVLINK AC3000 adm.cgi set_TR069 function buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: 9.1 Severity: CRITICAL |
A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the adm.cgi set_TR069 function failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
| VAR-202501-1301 | CVE-2024-37186 | WAVLINK AC3000 adm.cgi set_ledonoff function command injection vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
An os command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the adm.cgi set_ledonoff function failing to properly filter special characters and commands in the constructed command. An attacker can exploit this vulnerability to cause arbitrary command execution
| VAR-202501-1373 | CVE-2024-37184 | WAVLINK AC3000 adm.cgi rep_as_bridge function buffer overflow vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the adm.cgi rep_as_bridge function failing to properly verify the length of the input data. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
| VAR-202501-1404 | CVE-2024-36493 | WAVLINK AC3000 wireless.cgi set_wifi_basic function buffer overflow vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company.
WAVLINK AC3000 has a buffer overflow vulnerability, which is caused by the wireless.cgi set_wifi_basic function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202501-1421 | CVE-2024-36295 | WAVLINK AC3000 Command Injection Vulnerability (CNVD-2025-08332) |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company.
WAVLINK AC3000 has a command injection vulnerability, which is caused by the qos.cgi qos_sta function failing to properly filter special characters and commands in constructing commands. Attackers can exploit this vulnerability to execute arbitrary commands
| VAR-202501-1324 | CVE-2024-36290 | WAVLINK AC3000 login.cgi Goto_chidx function buffer overflow vulnerability |
CVSS V2: 8.3 CVSS V3: 10.0 Severity: CRITICAL |
A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the login.cgi Goto_chidx function failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
| VAR-202501-1426 | CVE-2024-36272 | WAVLINK AC3000 Buffer Overflow Vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. Attackers can use this vulnerability to execute arbitrary code or cause a denial of service
| VAR-202501-1350 | CVE-2024-36258 | WAVLINK AC3000 Buffer Overflow Vulnerability (CNVD-2025-08333) |
CVSS V2: 10.0 CVSS V3: 10.0 Severity: CRITICAL |
A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company.
WAVLINK AC3000 has a buffer overflow vulnerability, which is caused by the touchlist_sync.cgi touchlistsync function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202501-1325 | CVE-2024-34544 | WAVLINK AC3000 Command Injection Vulnerability (CNVD-2025-09263) |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. Attackers can exploit this vulnerability to execute arbitrary commands
| VAR-202501-1394 | CVE-2024-34166 | WAVLINK AC3000 Command Injection Vulnerability (CNVD-2025-08334) |
CVSS V2: 10.0 CVSS V3: 10.0 Severity: CRITICAL |
An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company.
WAVLINK AC3000 has a command injection vulnerability, which is caused by the touchlist_sync.cgi touchlistsync function failing to properly filter special characters and commands in constructing commands. Attackers can exploit this vulnerability to execute arbitrary commands
| VAR-202501-1374 | CVE-2024-21797 | WAVLINK AC3000 adm.cgi set_TR069 function command injection vulnerability |
CVSS V2: 8.3 CVSS V3: 9.1 Severity: CRITICAL |
A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the adm.cgi set_TR069 function failing to properly filter special characters and commands in the constructed command
| VAR-202501-2383 | CVE-2024-48884 | Path traversal vulnerability in multiple Fortinet products |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to trigger an escalation of privilege via specially crafted packets. FortiManager , FortiManager Cloud , FortiProxy There is a path traversal vulnerability in several Fortinet products, including:Information is tampered with and service operation is interrupted (DoS) It may be in a state
| VAR-202501-3423 | CVE-2024-40587 | fortinet's FortiVoice In OS Command injection vulnerability |
CVSS V2: - CVSS V3: 6.7 Severity: MEDIUM |
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. fortinet's FortiVoice for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202501-2603 | CVE-2024-27778 | fortinet's FortiSandbox In OS Command injection vulnerability |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. fortinet's FortiSandbox for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state