CRITICAL🇵🇱 Wersja polska

CVE-2024-39759

CVSS 10.0v3.1pub. 2025-01-14upd. 2025-11-03

Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `restart_hour_value` POST parameter.

🤖 AI Analysis
How it works

The vulnerability is located in the set_sys_init() function handled by the login.cgi script. An attacker sends a specially crafted HTTP POST request containing a malicious value in the `restart_hour_value` parameter. This parameter is not properly validated or filtered before being passed to a system call, allowing injection and execution of arbitrary operating system commands on the device. The attack is possible without prior authentication to the device.

Impact

An attacker can take full control of the device by executing arbitrary commands at its level, which includes the ability to read and modify configuration, eavesdrop on network traffic, and use the device as an entry point to the internal network.

Mitigation & patch

Apply patches available from the manufacturer according to references. Until an update is applied, it is recommended to restrict access to the device's administrative interface only from trusted IP addresses and avoid exposing the device directly to Internet access.

Who is affected

Wavlink AC3000 WL-WN533A8 with firmware version M33A8.V5030.210505

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Wavlink Wl Wn533a8

    HW
    Wavlink
    wszystkie wersje
  • Wavlink Wl Wn533a8 Firmware

    OS
    Wavlink
    m33a8.v5030.210505
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-21797CRITICAL9.1PL ✓ten sam produkt

Command injection w Wavlink AC3000 — wykonanie dowolnych poleceń przez adm.cgi

CVE-2024-34166CRITICAL10.0PL ✓ten sam produkt

Command injection w firmware Wavlink AC3000 — zdalne wykonanie kodu

CVE-2024-34544CRITICAL9.1PL ✓ten sam produkt

Command injection w Wavlink AC3000 – nieautoryzowane wykonanie poleceń

CVE-2024-36258CRITICAL10.0PL ✓ten sam produkt

Stack-based buffer overflow w Wavlink AC3000 umożliwia RCE przez HTTP

CVE-2024-36272CRITICAL9.1PL ✓ten sam produkt

Buffer overflow w Wavlink AC3000 — podatność w funkcji set_info() usbip.cgi