exploitDog

GHSA-39p7-78c9-m48f

Опубликовано: 14 янв. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 9.1

Описание

Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the dest POST parameter.

Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the dest POST parameter.

Ссылки

EPSS

Процентиль: 80%

0.01422

Низкий

9.1 Critical

CVSS3

CVE ID

Дефекты

CWE-77

Связанные уязвимости

CVE-2024-39764

CVSS3: 9.1

nvd

около 1 года назад

Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `dest` POST parameter.

BDU:2025-02272

CVSS3: 9.1

fstec

около 1 года назад

Уязвимость функции set_add_routing сценария internet.cgi микропрограммного обеспечения маршрутизаторов Wavlink AC3000 (WL-WN533A8), позволяющая нарушителю выполнить произвольные команды

EPSS

Процентиль: 80%

0.01422

Низкий

9.1 Critical

CVSS3

CVE ID

Дефекты

CWE-77