CVE Catalog

Multiple directory traversal vulnerabilities have been identified in the Wavlink AC3000 router, specifically in the nas.cgi add_dir() functionality, version M33A8.V5030.210505. These vulnerabilities allow for permission bypass by exploiting the adddir_name and disk_part POST parameters. An authenticated user can send a crafted HTTP request that takes advantage of improper input validation, leading to unauthorized modification of file or directory permissions on the device.

A command injection vulnerability has been identified in the Wavlink AC3000 router, specifically in the nas.cgi add_dir() functionality. This vulnerability allows authenticated users to execute arbitrary commands on the device by sending a specially crafted HTTP request. The issue arises in the adddir_name and disk_part POST parameters, where injected commands can be executed with system privileges.

A command injection vulnerability has been identified in the Wavlink AC3000 router, specifically in the nas.cgi add_dir() function. This vulnerability allows authenticated users to execute arbitrary commands on the device by sending a specially crafted HTTP request. The issue arises in the disk_part and adddir_name POST parameters, where injected commands can be executed with system privileges.

A command injection vulnerability has been identified in the Wavlink AC3000 router, specifically in the adm.cgi file within the sch_reboot() function. This vulnerability allows authenticated users to execute arbitrary commands on the device. The issue arises from improper validation of user input in several POST parameters, which can be exploited by crafting a specific HTTP request. Once exploited, the injected commands are executed with the privileges of the user account under which the web server is running.

A command injection vulnerability has been identified in the Wavlink AC3000 router, specifically in the adm.cgi file within the sch_reboot() function. This vulnerability allows authenticated users to execute arbitrary commands on the device. The issue arises from improper handling of the restart_min POST parameter, which can be exploited by sending a specially crafted HTTP request. Once exploited, the injected command is executed with the privileges of the user running the web server.

Multiple operating system command injection vulnerabilities have been identified in the Wavlink AC3000 router, specifically in the adm.cgi file within the sch_reboot() function. These vulnerabilities allow for arbitrary code execution via specially crafted HTTP requests. The issues arise in the restart_hour, restart_min, and restart_week POST parameters. An authenticated user can exploit these vulnerabilities by sending requests that inject malicious commands, which are then executed with elevated privileges.

A buffer overflow vulnerability has been identified in the Wavlink AC3000 router, specifically in the adm.cgi set_sys_adm() function of version M33A8.V5030.210505. This vulnerability allows for a stack-based buffer overflow through a specially crafted HTTP request. An authenticated user can exploit this issue by sending the crafted request, leading to potential unauthorized code execution.

A vulnerability allowing information disclosure exists in the Wavlink AC3000 router, specifically in the testsave.sh script. This issue arises in the version M33A8.V5030.210505. The vulnerability can be exploited by sending a specially crafted HTTP request, which the router's lighttpd server will process. The testsave.sh script, located in the '/www/cgi-bin' directory, is executed when the corresponding URL is accessed. The script outputs the contents of the '/var/log/messages' file, thereby disclosing sensitive information.

A stack-based buffer overflow vulnerability has been identified in the Wavlink AC3000 router, specifically in the internet.cgi file's set_qos() function. This vulnerability affects version M33A8.V5030.210505. The issue arises from the 'en_enable' POST parameter, which can be exploited by sending a specially crafted HTTP request. The vulnerability allows authenticated users to overwrite the return address of the function with arbitrary data, potentially leading to remote code execution.

A stack-based buffer overflow vulnerability has been identified in the Wavlink AC3000 router, specifically in the internet.cgi file's set_qos() function. This vulnerability affects version M33A8.V5030.210505. The issue arises from the improper handling of POST parameters, particularly 'cli_mac', 'cli_name', and 'en_enable', which are all processed without length validation. An authenticated attacker can exploit this vulnerability by sending a crafted HTTP request that overwrites the stack with malicious data, potentially leading to arbitrary code execution.

A stack-based buffer overflow vulnerability has been identified in the Wavlink AC3000 router, specifically in the internet.cgi file's set_qos() function. This vulnerability affects version M33A8.V5030.210505. The issue arises from the cli_name POST parameter, which can be exploited by sending a specially crafted HTTP request. The vulnerability allows authenticated attackers to overwrite the return address of the function with arbitrary data, potentially leading to remote code execution.

A command injection vulnerability has been identified in the Wavlink AC3000 router, specifically in the internet.cgi set_add_routing() function. This vulnerability allows authenticated attackers to execute arbitrary commands on the device. The issue arises from improper handling of several POST parameters, including 'dest', 'netmask', 'gateway', 'interface', and 'custom_interface'. Exploitation involves sending a crafted HTTP request that includes malicious input in these parameters, bypassing authentication checks and leading to unauthorized command execution.

A command injection vulnerability has been identified in the Wavlink AC3000 router, specifically in the internet.cgi set_add_routing() function of version M33A8.V5030.210505. This vulnerability allows authenticated users to execute arbitrary commands on the router by sending specially crafted HTTP requests. The issue arises because the application fails to properly sanitize input from several POST parameters, including 'dest', 'netmask', 'gateway', and 'custom_interface', before executing it as a command.

A command injection vulnerability has been identified in the Wavlink AC3000 router, specifically in the internet.cgi set_add_routing() function. This vulnerability allows authenticated users to execute arbitrary commands on the router by sending specially crafted HTTP requests. The issue arises because the application fails to properly sanitize input from several POST parameters, including 'dest', 'netmask', 'gateway', 'interface', 'custom_interface', and 'comment'. The vulnerability is present in Wavlink AC3000 M33A8.V5030.210505.

A command injection vulnerability has been identified in the Wavlink AC3000 router, specifically in the internet.cgi set_add_routing() function. This vulnerability allows authenticated attackers to execute arbitrary commands on the device. The issue arises from improper handling of several POST parameters, including 'netmask', 'gateway', 'dest', 'interface', 'custom_interface', and 'comment'. The vulnerability is present in the Wavlink AC3000 M33A8.V5030.210505 version.

A command injection vulnerability has been identified in the Wavlink AC3000 router, specifically in the login.cgi file's set_sys_init() function. This vulnerability, present in version M33A8.V5030.210505, allows for arbitrary code execution. The issue arises because the login.cgi file does not properly authenticate users before executing commands. An attacker can exploit this vulnerability by sending a specially crafted HTTP request, taking advantage of the command injection flaw in the restart_week_value POST parameter.

A command injection vulnerability has been identified in the Wavlink AC3000 router, specifically in the login.cgi file's set_sys_init() function. This vulnerability allows for arbitrary code execution via OS command injection. It affects the Wavlink AC3000 model with the firmware version M33A8.V5030.210505. The issue arises because the login.cgi file does not properly validate user authentication, allowing attackers to send crafted HTTP requests that exploit this vulnerability.

A command injection vulnerability has been identified in the Wavlink AC3000 router, specifically in the login.cgi file's set_sys_init() function. This vulnerability allows for arbitrary code execution via OS command injection. It affects the Wavlink AC3000 model with the firmware version M33A8.V5030.210505. The issue arises because the login.cgi file does not properly validate user authentication, allowing attackers to send crafted HTTP requests that exploit this flaw.

A stack-based buffer overflow vulnerability has been identified in the Wavlink AC3000 router, specifically in the wireless.cgi AddMac() function of version M33A8.V5030.210505. This vulnerability allows authenticated attackers to execute arbitrary commands by sending specially crafted HTTP requests. The issue arises because the AddMac function does not properly validate the length of the 'addMac' POST parameter, enabling attackers to overwrite the return address and gain command execution capabilities.

A buffer overflow vulnerability has been identified in the Wavlink AC3000 router, specifically in the adm.cgi file within the rep_as_router() function. This vulnerability, present in version M33A8.V5030.210505, allows for a stack-based buffer overflow when a specially crafted HTTP request is sent. The issue can be triggered by an authenticated user.

A static login vulnerability has been identified in the Wavlink AC3000 router, specifically in the wctrls functionality of version M33A8.V5030.210505. This vulnerability allows an attacker to gain root access by sending a specially crafted set of network packets to the device. The wctrls service, running on UDP port 36338, accepts these packets and, after a series of encrypted communications, can be exploited to enable a telnet service with root privileges. This issue is compounded by the existence of a static admin login that persists even after a factory reset, allowing for remote access over WAN.

A vulnerability allowing unauthorized firmware updates has been identified in the Wavlink AC3000 router, specifically in the login.cgi component of version M33A8.V5030.210505. This issue arises from the absence of authentication checks, allowing attackers to send crafted HTTP requests that trigger arbitrary firmware uploads.

A command execution vulnerability has been identified in the Wavlink AC3000 router, specifically in the update_filter_url.sh script of version M33A8.V5030.210505. This vulnerability allows arbitrary command execution by injecting crafted HTTP requests. The issue can be exploited through a man-in-the-middle attack, taking advantage of the script's lack of HTTPS validation.

A stack-based buffer overflow vulnerability has been identified in the Wavlink AC3000 router, specifically within the 'wireless.cgi' file's 'set_wifi_basic_mesh()' function. This vulnerability arises because the function does not properly validate the length of certain POST parameters, allowing for arbitrary data to be written to the stack. An authenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request, potentially leading to arbitrary command execution on the device.

A vulnerability allowing external configuration control has been identified in the Wavlink AC3000 router, specifically in the nas.cgi set_nas() function. This vulnerability arises from the improper handling of HTTP requests, which can be exploited to execute arbitrary commands on the device. The issue affects Wavlink AC3000 routers running firmware version M33A8.V5030.210505. Exploitation requires authentication, as the vulnerability can only be triggered by an authenticated HTTP request.

A vulnerability allowing arbitrary code execution exists in the Wavlink AC3000 router, specifically in the adm.cgi file's set_MeshAp() function. This vulnerability arises from a buffer overflow issue, where a specially crafted HTTP request can overwrite the stack and manipulate the return address, leading to unauthorized code execution. The vulnerability affects Wavlink AC3000 M33A8.V5030.210505.

A command injection vulnerability has been identified in the Wavlink AC3000 router, specifically within the firewall.cgi file's iptablesWebsFilterRun() function. This vulnerability allows authenticated users to execute arbitrary code on the device by sending a specially crafted HTTP request. The issue arises because the router's lighttpd server configuration permits direct interaction with .cgi binaries in the web root, bypassing authentication requirements. Exploitation involves manipulating the 'firewall' and 'addURLFilter' parameters to inject commands that are executed via the 'do_system' function, leveraging the lack of input validation on certain values.

A cross-site scripting vulnerability has been identified in the Wavlink AC3000 router, specifically in the login.cgi file's set_lang_CountryCode() function, within the version M33A8.V5030.210505. This vulnerability allows for the injection of malicious scripts through a crafted HTTP request, which can then be executed in the context of the user's browser. The issue arises because the login.cgi file does not properly validate user authentication, leaving it open to unauthenticated attacks. Exploiting this vulnerability could lead to the disclosure of sensitive information or the injection of persistent XSS scripts that could be executed on the router's web interface.

A command injection vulnerability has been identified in the Wavlink AC3000 router, specifically in the nas.cgi file's remove_dir() function. This vulnerability allows authenticated attackers to execute arbitrary code on the device by sending a specially crafted HTTP request. The issue arises because the lighttpd server configuration permits direct interaction with .cgi binaries in the web root, bypassing authentication requirements.

A stack-based buffer overflow vulnerability has been identified in the Wavlink AC3000 router, specifically in the wireless.cgi DeleteMac() function, version M33A8.V5030.210505. This vulnerability allows authenticated attackers to execute arbitrary commands by sending specially crafted HTTP requests. The issue arises because the DeleteMac function does not properly validate the length of input data, enabling attackers to overwrite the return address and gain unauthorized access.

A buffer overflow vulnerability has been identified in the Wavlink AC3000 router, specifically in the adm.cgi set_wzap() function. This vulnerability allows for a stack-based buffer overflow, which can be triggered by a specially crafted HTTP request. The issue affects Wavlink AC3000 routers running version M33A8.V5030.210505. An authenticated user can exploit this vulnerability by sending an HTTP request that takes advantage of the lack of input length validation.

A stack-based buffer overflow vulnerability has been identified in the Wavlink AC3000 router, specifically in the wireless.cgi SetName() function of version M33A8.V5030.210505. This vulnerability allows authenticated attackers to execute arbitrary commands by sending specially crafted HTTP requests. The issue arises because the SetName function does not properly validate the length of the 'NewName' POST parameter, enabling attackers to overwrite the return address and potentially gain control of the device.

A buffer overflow vulnerability has been identified in the Wavlink AC3000 router, specifically within the qos.cgi file's qos_sta_settings() function. This vulnerability allows for a stack-based buffer overflow, which can be triggered by an authenticated user sending a specially crafted HTTP request. The issue arises because the function does not properly validate the length of input data before processing it, enabling attackers to overwrite the return address and potentially execute arbitrary code.

A buffer overflow vulnerability has been identified in the Wavlink AC3000 router, specifically in the adm.cgi set_wzdgw4G() function of version M33A8.V5030.210505. This vulnerability allows for a stack-based buffer overflow, which can be triggered by an authenticated user sending a specially crafted HTTP request. The lack of input length validation in the set_wzdgw4G function enables the overflow, potentially leading to arbitrary code execution.

A buffer overflow vulnerability has been identified in the Wavlink AC3000 router, specifically in the 'internet.cgi' file within the 'set_add_routing()' function. This vulnerability, present in version M33A8.V5030.210505, allows for a stack-based buffer overflow when a specially crafted HTTP request is sent. The issue can be exploited by an authenticated user.

A vulnerability allowing arbitrary command execution exists in the Wavlink AC3000 router, specifically in the nas.cgi set_smb_cfg() function of version M33A8.V5030.210505. This vulnerability arises from external configuration control, where an authenticated user can send a specially crafted HTTP request that is not properly validated, leading to unauthorized command execution on the device.

A vulnerability allowing arbitrary firmware updates exists in the Wavlink AC3000 router model M33A8.V5030.210505. This issue arises from the 'fw_check.sh' script, which lacks proper authentication and can be exploited by intercepting HTTP requests. Once the firmware update is triggered, the router automatically flashes the new firmware without any additional validation, creating a risk of unauthorized modifications or potentially harmful changes to the device's functionality.

A vulnerability allowing arbitrary command execution exists in the Wavlink AC3000 router, specifically in the OpenVPN configuration handling within the openvpn.cgi file, version M33A8.V5030.210505. This vulnerability arises from improper authentication checks on .cgi binaries, allowing authenticated users to send specially crafted HTTP requests that are executed with system privileges.

A buffer overflow vulnerability has been identified in the Wavlink AC3000 router, specifically in the adm.cgi file's set_TR069() function, within the firmware version M33A8.V5030.210505. This vulnerability allows for a stack-based buffer overflow, which can be triggered by an authenticated user sending a specially crafted HTTP request. The lack of proper input validation in the TR069-related parameters enables the exploitation of this vulnerability, potentially leading to arbitrary code execution.

A command injection vulnerability has been identified in the Wavlink AC3000 router, specifically in the adm.cgi file within the set_ledonoff() function. This vulnerability allows authenticated attackers to execute arbitrary commands on the device. The issue arises from the way the router's web interface handles HTTP requests, particularly those directed to .cgi scripts.

A buffer overflow vulnerability has been identified in the Wavlink AC3000 router, specifically in the adm.cgi file within the rep_as_bridge() function. This vulnerability, present in version M33A8.V5030.210505, allows for a stack-based buffer overflow when a specially crafted HTTP request is sent. The issue can be triggered by an authenticated user.

A stack-based buffer overflow vulnerability has been identified in the Wavlink AC3000 router, specifically in the 'wireless.cgi' file within the 'set_wifi_basic()' function. This vulnerability arises because the function does not properly validate the length of certain POST parameters, allowing for arbitrary data to be written to the stack. An authenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request, potentially leading to arbitrary command execution on the device.

A command execution vulnerability has been identified in the Wavlink AC3000 router, specifically in the qos.cgi file within the qos_sta() function. This vulnerability allows for arbitrary command execution via a specially crafted HTTP request. The issue arises because the router's lighttpd server configuration permits unauthenticated access to .cgi binaries in the web root, leaving it up to the binaries to verify user authentication. Once authenticated, an attacker can exploit the vulnerability by injecting commands that are executed by the router's cron service.

A buffer overflow vulnerability has been identified in the Wavlink AC3000 router, specifically in the login.cgi file's Goto_chidx() function, within the firmware version M33A8.V5030.210505. This vulnerability allows for a stack-based buffer overflow, triggered by a specially crafted HTTP request. The issue arises because the login.cgi binary does not require authentication, leaving the router open to exploitation by anyone with network access.

A buffer overflow vulnerability has been identified in the Wavlink AC3000 router, specifically in the usbip.cgi set_info() function, version M33A8.V5030.210505. This vulnerability allows for a stack-based buffer overflow, which can be triggered by an authenticated user sending a specially crafted HTTP request. The issue arises because the set_info() function does not properly validate the length of input data before copying it to the stack, creating an opportunity for an attacker to overwrite the return address and potentially execute arbitrary code.

A stack-based buffer overflow vulnerability has been identified in the Wavlink AC3000 router, specifically in the touchlist_sync.cgi file within the touchlistsync() function. This vulnerability arises because the CGI binary does not properly validate user authentication, allowing an attacker to send a specially crafted HTTP request that can be exploited to execute arbitrary code. The issue is present in the Wavlink AC3000 model M33A8.V5030.210505.

A command injection vulnerability has been identified in the Wavlink AC3000 router, specifically in the wireless.cgi AddMac() function of version M33A8.V5030.210505. This vulnerability allows authenticated attackers to execute arbitrary commands on the router by sending specially crafted HTTP requests. The issue arises because the AddMac() function does not properly validate or sanitize input before executing it as a command, leading to potential unauthorized command execution.

A command injection vulnerability has been identified in the Wavlink AC3000 router, specifically in the touchlist_sync.cgi file within the touchlistsync() function. This vulnerability allows for arbitrary code execution via a crafted HTTP request. The issue arises because the CGI binary does not properly validate user authentication, leaving it open to exploitation by anyone with network access to the device.

A command execution vulnerability has been identified in the Wavlink AC3000 router, specifically in the adm.cgi set_TR069() function of version M33A8.V5030.210505. This vulnerability allows authenticated attackers to execute arbitrary commands by sending specially crafted HTTP requests. The issue arises because the TR069_local_port parameter can be manipulated to inject commands, which are then executed by the router's operating system.

A vulnerability in the Howyar UEFI Application 'Reloader' allows for the execution of unsigned software from a hard-coded path, bypassing UEFI Secure Boot. This issue affects both 32-bit and 64-bit versions of the application, which is distributed as part of several real-time system recovery software suites. The vulnerability arises because the Reloader application does not use standard UEFI functions to load applications securely, enabling the execution of arbitrary code during the boot process with high privileges.