Описание
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the restart_hour_value POST parameter.
Уязвимые конфигурации
Одновременно
EPSS
10 Critical
CVSS3
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `restart_hour_value` POST parameter.
Уязвимость функции set_sys_init() сценария login.cgi микропрограммного обеспечения маршрутизаторов Wavlink AC3000 (WL-WN533A8), позволяющая нарушителю выполнить произвольные команды
EPSS
10 Critical
CVSS3
9.8 Critical
CVSS3