Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_name` POST parameter.

Black Duck Blog


Software and Application Security Blog. Get expert insights from the Black Duck software and application security blog. Explore topics from DevOps security, software news, analysis, intel and more.

Listed: