CVE-2024-21797

High

A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted…

talos·CWE-74·Published 2025-01-14

CVSS

7.2

EPSS

0.21

KEV

Exploits

cve.orgen

275 chars

A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

NVDen

275 chars

NVDes

311 chars

Existe una vulnerabilidad de ejecución de comandos en la función adm.cgi set_TR069() de Wavlink AC3000 M33A8.V5030.210505. Una solicitud HTTP manipulada especialmente puede provocar la ejecución de comandos arbitrarios. Un atacante puede realizar una solicitud HTTP autenticada para activar esta vulnerabilidad.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.1	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
3.1	Primary	NVD	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H