Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (181 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2024-34166 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2025-08-21 10 Critical
An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2024-34544 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2025-08-21 9.1 Critical
A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-36258 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2025-08-21 10 Critical
A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2024-38666 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2025-08-21 9.1 Critical
An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39273 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2025-08-21 9 Critical
A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
CVE-2024-39280 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2025-08-21 9.1 Critical
An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39288 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2025-08-21 9.1 Critical
A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39294 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2025-08-21 9.1 Critical
A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39299 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2025-08-21 9.1 Critical
A buffer overflow vulnerability exists in the qos.cgi qos_sta_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39358 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2025-08-21 9.1 Critical
A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39357 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2025-08-21 9.1 Critical
A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39359 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2025-08-21 9.1 Critical
A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39360 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2025-08-21 9.1 Critical
An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39367 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2025-08-21 9.1 Critical
An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39370 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2025-08-21 9.1 Critical
An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-39602 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2025-08-21 9.1 Critical
An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-13117 1 Wavlink 4 Wn575a4, Wn575a4 Firmware, Wn579x3 and 1 more 2025-08-19 9.8 Critical
Wavlink WN575A4, WN579X3, and WN530G3A devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.
CVE-2025-44868 1 Wavlink 2 Wl-wn530h4, Wl-wn530h4 Firmware 2025-06-13 9.8 Critical
Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2024-38894 1 Wavlink 2 Wn551k1, Wn551k1 Firmware 2025-06-06 5.3 Medium
WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi.
CVE-2024-38892 1 Wavlink 2 Wn551k1, Wn551k1 Firmware 2025-06-06 6.5 Medium
An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component.