CVE-2024-39798

Critical CVSS: 9.1

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_protocol` POST parameter.

Vendor

Wavlink

Product

Wl-wn533a8 Firmware

CWE

CWE-15

Yayın Tarihi

2025-01-14 15:15:24

Güncelleme

2025-11-03 22:17:10

Source Identifier

talos-cna@cisco.com

KEV Date Added

Kategoriler

CWE-15 Wl-wn533a8 Firmware CRITICAL Wavlink 2025

Referanslar

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2050 https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2050

Benzer Kayıtlar

High

CVE-2026-5004

A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin…

Medium

CVE-2026-3716

A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This vulnerability affects the function sub_401AD4 of the…

High

CVE-2026-3715

A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub_40139C of the file /cgi-bin/fire…

High

CVE-2026-3703

A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Ex…

Medium

CVE-2026-3704

A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub_405B2C of the file…

Medium

CVE-2026-3662

A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usb_p910 of the fil…