CVE-2024-39360

Critical CVSS: 9.1

An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Vendor

Wavlink

Product

Wl-wn533a8 Firmware

CWE

CWE-77

Yayın Tarihi

2025-01-14 15:15:19

Güncelleme

2025-08-21 17:57:37

Source Identifier

talos-cna@cisco.com

KEV Date Added

Kategoriler

CWE-77 Wl-wn533a8 Firmware CRITICAL Wavlink 2025

Referanslar

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2054 https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2054

Benzer Kayıtlar

High

CVE-2026-5004

A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin…

Medium

CVE-2026-3716

A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This vulnerability affects the function sub_401AD4 of the…

High

CVE-2026-3715

A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub_40139C of the file /cgi-bin/fire…

High

CVE-2026-3703

A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Ex…

Medium

CVE-2026-3704

A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub_405B2C of the file…

Medium

CVE-2026-3662

A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usb_p910 of the fil…