Weaknesses of type CWE-15
65 resultsCVE-2024-39280CRITICALAn external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A speciallyEPSS 34.2%CVE-2023-50252HIGHphp-svg-lib unsafe attributes merge when parsing `use` tagEPSS 23.9%CVE-2024-38666CRITICALAn external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505EPSS 18.9%CVE-2024-51544HIGHService ControlEPSS 13.5%CVE-2024-10979HIGHPostgreSQL PL/Perl environment variable changes execute arbitrary codeEPSS 4.4%CVE-2024-39602CRITICALAn external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially craEPSS 2.3%CVE-2023-43323—mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to exEPSS 1.9%CVE-2024-39798CRITICALMultiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V503EPSS 1.8%CVE-2024-39800CRITICALMultiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V503EPSS 1.8%CVE-2021-3707—D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticatedEPSS 1.5%CVE-2024-39795CRITICALMultiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. EPSS 1.5%CVE-2024-39788CRITICALMultiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A spEPSS 1.5%CVE-2024-39793CRITICALMultiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. EPSS 1.5%CVE-2024-39790CRITICALMultiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A spEPSS 1.5%CVE-2024-39799CRITICALMultiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V503EPSS 1.3%CVE-2023-46248CRITICALOverwrite of builtin Cody commands facilitates RCEEPSS 1.1%CVE-2024-39789CRITICALMultiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A spEPSS 1.0%CVE-2024-39794CRITICALMultiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. EPSS 1.0%CVE-2021-38453CRITICALAUVESY VersiondogEPSS 1.0%CVE-2023-32349HIGH
Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter paEPSS 1.0%