CVE-2024-39800
Published: 14 January 2025
Description
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `open_port` POST parameter.
Security Summary
CVE-2024-39800 consists of multiple external control of configuration vulnerabilities (CWE-15) in the openvpn.cgi openvpn_server_setup() functionality of the Wavlink AC3000 router running firmware version M33A8.V5030.210505, along with a configuration injection vulnerability in the `open_port` POST parameter. These flaws allow a specially crafted HTTP request to lead to arbitrary command execution. The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, high privilege requirements, expanded scope, and high impact on confidentiality, integrity, and availability.
An authenticated attacker with high privileges can exploit these vulnerabilities by sending a specially crafted HTTP request to the affected openvpn.cgi endpoint. Successful exploitation enables arbitrary command execution on the device, potentially allowing full compromise of the router, including data exfiltration, further network pivoting, or persistent access.
The primary advisory from Talos Intelligence (TALOS-2024-2050) documents these issues; practitioners should consult it for detailed technical analysis and any recommended mitigations or patches, as no specific remediation details are provided in the CVE description.
Details
- CWE(s)