Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-14 | CVE-2024-39799 | Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. | 9.1 |
| 2025-01-14 | CVE-2024-39800 | Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. | 9.1 |
| 2025-01-14 | CVE-2024-39801 | Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. | 9.1 |
| 2025-01-14 | CVE-2024-39802 | Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. | 9.1 |
| 2025-01-14 | CVE-2024-39803 | Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. | 9.1 |
| 2025-01-14 | CVE-2023-42785 | NULL Pointer Dereference vulnerability in Fortinet Fortios A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request. | 6.5 |
| 2025-01-14 | CVE-2023-42786 | NULL Pointer Dereference vulnerability in Fortinet Fortios A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request. | 6.5 |
| 2025-01-14 | CVE-2024-11497 | An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access. | 8.8 |
| 2025-01-14 | CVE-2024-33502 | Path Traversal vulnerability in Fortinet Fortianalyzer and Fortimanager An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPs requests. | 7.2 |
| 2025-01-14 | CVE-2024-55591 | Unspecified vulnerability in Fortinet Fortios and Fortiproxy An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. | 9.8 |