Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `restart_min_value` POST parameter.

Arkose Labs Blog


Welcome to the Arkose Labs blog. Read informative articles on fraud prevention, account security, authentication, digital authenticity, and more.

Highlights

  • A blog covering a wide variety of cybersecurity categories.
Listed: