Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Wavlink Subscribe
Total 203 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-39603 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2026-06-17 N/A 9.1 CRITICAL
A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39602 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2026-06-17 N/A 9.1 CRITICAL
An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39370 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2026-06-17 N/A 9.1 CRITICAL
An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39367 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2026-06-17 N/A 9.1 CRITICAL
An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39363 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2026-06-17 N/A 9.6 CRITICAL
A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
CVE-2024-39360 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2026-06-17 N/A 9.1 CRITICAL
An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39359 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2026-06-17 N/A 9.1 CRITICAL
A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39358 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2026-06-17 N/A 9.1 CRITICAL
A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39357 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2026-06-17 N/A 9.1 CRITICAL
A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39299 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2026-06-17 N/A 9.1 CRITICAL
A buffer overflow vulnerability exists in the qos.cgi qos_sta_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39294 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2026-06-17 N/A 9.1 CRITICAL
A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39288 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2026-06-17 N/A 9.1 CRITICAL
A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39280 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2026-06-17 N/A 9.1 CRITICAL
An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39273 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2026-06-17 N/A 9.0 CRITICAL
A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
CVE-2024-38897 1 Wavlink 2 Wn551k1, Wn551k1 Firmware 2026-06-17 N/A 5.3 MEDIUM
WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information.
CVE-2024-38896 1 Wavlink 2 Wn551k1, Wn551k1 Firmware 2026-06-17 N/A 5.3 MEDIUM
WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi.
CVE-2024-38895 1 Wavlink 2 Wn551k1, Wn551k1 Firmware 2026-06-17 N/A 5.3 MEDIUM
WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information.
CVE-2024-38894 1 Wavlink 2 Wn551k1, Wn551k1 Firmware 2026-06-17 N/A 5.3 MEDIUM
WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi.
CVE-2024-38892 1 Wavlink 2 Wn551k1, Wn551k1 Firmware 2026-06-17 N/A 6.5 MEDIUM
An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component.
CVE-2024-38666 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2026-06-17 N/A 9.1 CRITICAL
An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.