Total
63 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39803 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `sel_mode` POST parameter.
|
|||||
| CVE-2024-39802 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `qos_dat` POST parameter.
|
|||||
| CVE-2024-39801 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `qos_bandwidth` POST parameter.
|
|||||
| CVE-2024-39800 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `open_port` POST parameter.
|
|||||
| CVE-2024-39799 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_interface` POST parameter.
|
|||||
| CVE-2024-39798 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_protocol` POST parameter.
|
|||||
| CVE-2024-39795 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_max_sessions` POST parameter.
|
|||||
| CVE-2024-39794 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_port` POST parameter.
|
|||||
| CVE-2024-39793 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_name` POST parameter.
|
|||||
| CVE-2024-39790 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_max_sessions` POST parameter.
|
|||||
| CVE-2024-39789 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_port` POST parameter.
|
|||||
| CVE-2024-39788 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_name` POST parameter.
|
|||||
| CVE-2024-39787 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `disk_part` POST parameter.
|
|||||
| CVE-2024-39786 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `adddir_name` POST parameter.
|
|||||
| CVE-2024-39785 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the adddir_name POST parameter.
|
|||||
| CVE-2024-39784 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the disk_part POST parameter.
|
|||||
| CVE-2024-39783 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_week` POST parameter.
|
|||||
| CVE-2024-39782 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_min` POST parameter.
|
|||||
| CVE-2024-39781 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_hour` POST parameter.
|
|||||
| CVE-2024-39770 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `en_enable` POST parameter.
|
|||||
| CVE-2024-39769 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `cli_mac` POST parameter.
|
|||||
| CVE-2024-39768 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `cli_name` POST parameter.
|
|||||
| CVE-2024-39765 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `custom_interface` POST parameter.
|
|||||
| CVE-2024-39764 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `dest` POST parameter.
|
|||||
| CVE-2024-39763 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `gateway` POST parameter.
|
|||||
| CVE-2024-39762 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 9.1 CRITICAL |
|
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `netmask` POST parameter.
|
|||||
| CVE-2024-39761 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 10.0 CRITICAL |
|
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `restart_week_value` POST parameter.
|
|||||
| CVE-2024-39760 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 10.0 CRITICAL |
|
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `restart_min_value` POST parameter.
|
|||||
| CVE-2024-39759 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-11-03 | N/A | 10.0 CRITICAL |
|
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `restart_hour_value` POST parameter.
|
|||||
| CVE-2024-39363 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-08-25 | N/A | 9.6 CRITICAL |
|
A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2024-39773 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-08-22 | N/A | 5.3 MEDIUM |
|
An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.
|
|||||
| CVE-2024-39774 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-08-22 | N/A | 9.1 CRITICAL |
|
A buffer overflow vulnerability exists in the adm.cgi set_sys_adm() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2024-39756 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-08-21 | N/A | 9.1 CRITICAL |
|
A buffer overflow vulnerability exists in the adm.cgi rep_as_router() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2024-39757 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-08-21 | N/A | 9.1 CRITICAL |
|
A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2024-36295 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-08-21 | N/A | 9.1 CRITICAL |
|
A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2024-36493 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-08-21 | N/A | 9.1 CRITICAL |
|
A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2024-37184 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-08-21 | N/A | 9.1 CRITICAL |
|
A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2024-37186 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-08-21 | N/A | 9.1 CRITICAL |
|
An os command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2024-37357 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-08-21 | N/A | 9.1 CRITICAL |
|
A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2024-39603 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-08-21 | N/A | 9.1 CRITICAL |
|
A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||