CVE-2024-39798
Published: 14 January 2025
Description
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_protocol` POST parameter.
Security Summary
CVE-2024-39798 involves multiple external config control vulnerabilities in the openvpn.cgi openvpn_server_setup() functionality of the Wavlink AC3000 router running firmware version M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution, including a configuration injection vulnerability in the `sel_open_protocol` POST parameter. The vulnerability is classified under CWE-15 and carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
An attacker with high privileges can exploit these vulnerabilities by sending an authenticated HTTP request to the affected component. Successful exploitation results in arbitrary command execution on the device, potentially allowing full compromise given the high impacts on confidentiality, integrity, and availability, along with a change in scope.
Mitigation details are available in the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2024-2050.
Details
- CWE(s)