Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `restart_week_value` POST parameter.
#HARDWARE

Premier publication and forum for electrical engineers providing educational material, tools, industry insight, videos, podcasts and conferences.

The community dedicated to learning hardware.

Hackaday.io is the world's largest collaborative hardware development community.

NEW

The goal of HardBreak is to collect knowledge about Hardware Hacking / IoT hacking in one place. HardBreak aims to organize all information in one accessible and easy-to-use platform.