Description
A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Published: 2025-01-14
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-35164 A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
History

Thu, 21 Aug 2025 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Wavlink
Wavlink wl-wn533a8
Wavlink wl-wn533a8 Firmware
CPEs cpe:2.3:h:wavlink:wl-wn533a8:-:*:*:*:*:*:*:*
cpe:2.3:o:wavlink:wl-wn533a8_firmware:m33a8.v5030.210505:*:*:*:*:*:*:*
Vendors & Products Wavlink
Wavlink wl-wn533a8
Wavlink wl-wn533a8 Firmware

Tue, 14 Jan 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 14 Jan 2025 16:45:00 +0000

Type Values Removed Values Added
References

Tue, 14 Jan 2025 14:30:00 +0000

Type Values Removed Values Added
Description A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Weaknesses CWE-74
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Wavlink Wl-wn533a8 Wl-wn533a8 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: talos

Published:

Updated: 2025-01-14T16:03:45.160Z

Reserved: 2024-06-28T18:06:01.685Z

Link: CVE-2024-34544

cve-icon Vulnrichment

Updated: 2025-01-14T16:03:45.160Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-14T15:15:15.873

Modified: 2025-08-21T18:46:08.373

Link: CVE-2024-34544

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses