Description
An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Published: 2025-01-14
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-38391 An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
History

Thu, 21 Aug 2025 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Wavlink
Wavlink wl-wn533a8
Wavlink wl-wn533a8 Firmware
CPEs cpe:2.3:h:wavlink:wl-wn533a8:-:*:*:*:*:*:*:*
cpe:2.3:o:wavlink:wl-wn533a8_firmware:m33a8.v5030.210505:*:*:*:*:*:*:*
Vendors & Products Wavlink
Wavlink wl-wn533a8
Wavlink wl-wn533a8 Firmware

Wed, 15 Jan 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 14 Jan 2025 16:45:00 +0000

Type Values Removed Values Added
References

Tue, 14 Jan 2025 14:30:00 +0000

Type Values Removed Values Added
Description An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Weaknesses CWE-15
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Wavlink Wl-wn533a8 Wl-wn533a8 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: talos

Published:

Updated: 2025-01-15T20:08:23.476Z

Reserved: 2024-06-28T18:05:52.231Z

Link: CVE-2024-39602

cve-icon Vulnrichment

Updated: 2025-01-14T16:04:08.846Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-14T15:15:19.970

Modified: 2025-08-21T17:23:57.057

Link: CVE-2024-39602

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses