CVE-2024-39800
CRITICALDescription
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `open_port` POST parameter.
Is your site exposed to CVE-2024-39800?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| wavlink | wl-wn533a8_firmware |
| wavlink | wl-wn533a8 |
References
Frequently Asked Questions
What is CVE-2024-39800? +
How severe is CVE-2024-39800? +
What products are affected by CVE-2024-39800? +
How do I check if I'm vulnerable to CVE-2024-39800? +
Related Vulnerabilities
For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station …
HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version …
Post-authenticated external control of system web interface configuration setting vulnerability in Danfoss AK-SM8xxA Series prior to 4.3.1, which could allow …
Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. …
Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system.
Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of …