exploitDog

GHSA-3cww-g5m8-59q4

Опубликовано: 14 янв. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 9.1

Описание

Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the gateway POST parameter.

Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the gateway POST parameter.

Ссылки

EPSS

Процентиль: 80%

0.01422

Низкий

9.1 Critical

CVSS3

CVE ID

Дефекты

CWE-77

Связанные уязвимости

CVE-2024-39763

CVSS3: 9.1

nvd

около 1 года назад

Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `gateway` POST parameter.

BDU:2025-00416

CVSS3: 9.1

fstec

больше 1 года назад

Уязвимость функции set_add_routing() сценария internet.cgi микропрограммного обеспечения маршрутизаторов Wavlink AC3000 (WL-WN533A8), позволяющая нарушителю выполнить произвольные команды

EPSS

Процентиль: 80%

0.01422

Низкий

9.1 Critical

CVSS3

CVE ID

Дефекты

CWE-77