Description
An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Published: 2025-01-14
Score: 9.1 Critical
EPSS: 5.9% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-37082 An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
History

Thu, 21 Aug 2025 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Wavlink
Wavlink wl-wn533a8
Wavlink wl-wn533a8 Firmware
CPEs cpe:2.3:h:wavlink:wl-wn533a8:-:*:*:*:*:*:*:*
cpe:2.3:o:wavlink:wl-wn533a8_firmware:m33a8.v5030.210505:*:*:*:*:*:*:*
Vendors & Products Wavlink
Wavlink wl-wn533a8
Wavlink wl-wn533a8 Firmware

Wed, 15 Jan 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 14 Jan 2025 16:45:00 +0000

Type Values Removed Values Added
References

Tue, 14 Jan 2025 14:30:00 +0000

Type Values Removed Values Added
Description An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Weaknesses CWE-15
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Wavlink Wl-wn533a8 Wl-wn533a8 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: talos

Published:

Updated: 2025-01-15T20:20:14.889Z

Reserved: 2024-06-28T18:05:53.362Z

Link: CVE-2024-38666

cve-icon Vulnrichment

Updated: 2025-01-14T16:03:54.795Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-14T15:15:17.847

Modified: 2025-08-21T18:45:23.373

Link: CVE-2024-38666

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses