CVE-2024-39799
Published: 14 January 2025
Description
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_interface` POST parameter.
Security Summary
CVE-2024-39799 involves multiple external control of configuration vulnerabilities in the openvpn.cgi openvpn_server_setup() functionality of the Wavlink AC3000 router running firmware version M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. The vulnerabilities are classified under CWE-15 and include a configuration injection issue in the `sel_open_interface` POST parameter.
Exploitation requires an authenticated attacker with high privileges (PR:H) to send a malicious HTTP request over the network (AV:N). Successful exploitation enables arbitrary command execution on the device, with a CVSS v3.1 base score of 9.1 (AC:L/UI:N/S:C/C:H/I:H/A:H), indicating low attack complexity, no user interaction, scope change, and high impact on confidentiality, integrity, and availability.
Mitigation details and additional technical analysis are available in the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2024-2050.
Details
- CWE(s)