CVE-2024-39781
Published: 14 January 2025
Description
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_hour` POST parameter.
Security Summary
CVE-2024-39781 is a set of multiple OS command injection vulnerabilities in the adm.cgi sch_reboot() functionality of the Wavlink AC3000 router running firmware version M33A8.V5030.210505. These flaws, classified under CWE-77, stem from inadequate sanitization in the `restart_hour` POST parameter, allowing a specially crafted HTTP request to inject and execute arbitrary operating system commands.
An authenticated attacker with high privileges can exploit these vulnerabilities over the network with low complexity and no user interaction required. Successful exploitation leads to arbitrary code execution with high confidentiality, integrity, and availability impacts, as reflected in the CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). The changed scope (S:C) indicates potential effects beyond the vulnerable component.
Mitigation details are available in the Talos Intelligence advisory TALOS-2024-2033, accessible at https://talosintelligence.com/vulnerability_reports/TALOS-2024-2033. The vulnerability was published on January 14, 2025.
Details
- CWE(s)