A command injection vulnerability exists in the wireless...
Critical severity
Unreviewed
Published
Jan 14, 2025
to the GitHub Advisory Database
•
Updated Jan 14, 2025
Description
Published by the National Vulnerability Database
Jan 14, 2025
Published to the GitHub Advisory Database
Jan 14, 2025
Last updated
Jan 14, 2025
A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
References