CVE-2024-39602

Critical

An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially…

talos·CWE-15·Published 2025-01-14

CVSS

9.1

EPSS

0.02

KEV

Exploits

cve.orgen

280 chars

An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

NVDen

280 chars

NVDes

324 chars

Existe una vulnerabilidad de control de configuración externa en la función set_nas() de nas.cgi de Wavlink AC3000 M33A8.V5030.210505. Una solicitud HTTP manipulada especialmente puede provocar la ejecución de un comando arbitrario. Un atacante puede realizar una solicitud HTTP autenticada para activar esta vulnerabilidad.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.1	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
3.1	Primary	cve.org	9.1	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H