Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-01-14 CVE-2024-39795 Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505.
network
low complexity
CWE-15
critical
 9.1
9.1
2025-01-14 CVE-2024-39798 Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505.
network
low complexity
CWE-15
critical
 9.1
9.1
2025-01-14 CVE-2024-39799 Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505.
network
low complexity
CWE-15
critical
 9.1
9.1
2025-01-14 CVE-2024-39800 Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505.
network
low complexity
CWE-15
critical
 9.1
9.1
2025-01-14 CVE-2024-39801 Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505.
network
low complexity
CWE-120
critical
 9.1
9.1
2025-01-14 CVE-2024-39802 Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505.
network
low complexity
CWE-120
critical
 9.1
9.1
2025-01-14 CVE-2024-39803 Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505.
network
low complexity
CWE-120
critical
 9.1
9.1
2025-01-14 CVE-2023-37936 Use of Hard-coded Credentials vulnerability in Fortinet Fortiswitch
A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via crafted requests.
network
low complexity
fortinet CWE-798
critical
 9.8
9.8
2025-01-14 CVE-2023-37937 OS Command Injection vulnerability in Fortinet Fortiswitch
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via the FortiSwitch CLI.
local
low complexity
fortinet CWE-78
7.8
7.8
2025-01-14 CVE-2023-42785 NULL Pointer Dereference vulnerability in Fortinet Fortios
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.
network
low complexity
fortinet CWE-476
6.5
6.5