Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-g72p-5f8c-rcj2

Опубликовано: 14 янв. 2025
Источник: github
Github: Не прошло ревью
CVSS3: 9.1

Описание

Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the custom_interface POST parameter.

Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the custom_interface POST parameter.

Ссылки

EPSS

Процентиль: 80%
0.01422
Низкий

9.1 Critical

CVSS3

CVE ID

CVE-2024-39765

Дефекты

CWE-77

Связанные уязвимости

nvd логотип

CVE-2024-39765

CVSS3: 9.1
nvd
около 1 года назад

Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `custom_interface` POST parameter.

fstec логотип

BDU:2025-02273

CVSS3: 9.1
fstec
около 1 года назад

Уязвимость функции set_add_routing сценария internet.cgi микропрограммного обеспечения маршрутизаторов Wavlink AC3000 (WL-WN533A8), позволяющая нарушителю выполнить произвольные команды

EPSS

Процентиль: 80%
0.01422
Низкий

9.1 Critical

CVSS3

CVE ID

CVE-2024-39765

Дефекты

CWE-77