Wavlink CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (159 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-39770	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `en_enable` POST parameter.
CVE-2024-39773	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	5.3 Medium
An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2024-39774	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
A buffer overflow vulnerability exists in the adm.cgi set_sys_adm() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39781	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_hour` POST parameter.
CVE-2024-39782	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_min` POST parameter.
CVE-2024-39783	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_week` POST parameter.
CVE-2024-39784	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the disk_part POST parameter.
CVE-2024-39785	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the adddir_name POST parameter.
CVE-2024-39786	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `adddir_name` POST parameter.
CVE-2024-39787	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `disk_part` POST parameter.
CVE-2024-39788	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_name` POST parameter.
CVE-2024-39789	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_port` POST parameter.
CVE-2024-39790	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_max_sessions` POST parameter.
CVE-2024-39793	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_name` POST parameter.
CVE-2024-39794	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_port` POST parameter.
CVE-2024-39795	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-22	9.1 Critical
Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_max_sessions` POST parameter.
CVE-2024-39756	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-21	9.1 Critical
A buffer overflow vulnerability exists in the adm.cgi rep_as_router() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39757	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-21	9.1 Critical
A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39798	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-21	9.1 Critical
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_protocol` POST parameter.
CVE-2024-39799	1 Wavlink	2 Wl-wn533a8, Wl-wn533a8 Firmware	2025-08-21	9.1 Critical
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_interface` POST parameter.

« first previous Page 2 of 8. next last »