CVE-2024-39602
CVE-2024-39602 is a critical vulnerability in Wavlink AC3000 routers that allows remote attackers to execute arbitrary commands. The command execution flaw is located in the nas.cgi set_nas() function, and an authenticated attacker can exploit it by sending a crafted HTTP request. While the CVSS score indicates high severity, the SOCRadar Vulnerability Risk Score (SVRS) of 42 suggests a moderate level of active real-world threat, despite the CVE being tagged "In The Wild". In other words, the vulnerability is being exploited, but the scale isn't deemed critical at the moment. Immediate patching is recommended to prevent unauthorized access and potential system compromise. Successful exploitation could lead to complete control of the affected router.
Description
CVE-2024-39602 is an external config control vulnerability affecting the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. This vulnerability allows an attacker to execute arbitrary commands on the affected device by sending a specially crafted HTTP request.
While the CVSS score is high at 9.1, the SVRS score of 42 indicates that this vulnerability might not be as urgently critical as the CVSS score suggests. It is essential to remember that the SVRS considers a wider range of factors than just the technical severity of the vulnerability.
Key Insights
- Authenticated HTTP request: Exploitation requires authentication, so the attacker must be able to log in to the device and might need access to its network. The potential for unauthorized access and control over the device remains a significant concern.
- Arbitrary command execution: The vulnerability allows an attacker to execute arbitrary commands, granting them full control over the affected device. This could potentially be used to compromise the device, steal sensitive data, or launch further attacks.
- Active exploitation: The CVE is tagged "In The Wild," indicating that this vulnerability is actively exploited by hackers. This suggests that the threat actors might be actively searching for vulnerable devices and exploiting them for their gain.
Mitigation Strategies
- Update firmware: Update Wavlink AC3000 devices running M33A8.V5030.210505 to the latest firmware version to patch this vulnerability. The latest firmware versions are typically available on the vendor's website.
- Restrict network access: Limit network access to the affected device to trusted sources. Consider implementing a firewall to prevent unauthorized access and restrict communication to essential services.
- Implement strong authentication: Implement strong authentication measures, such as multi-factor authentication (MFA), to protect against unauthorized access to the device.
- Monitor security logs: Regularly monitor security logs for suspicious activity and potential signs of exploitation.
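The "Restrict network access" and "Monitor security logs" items can be combined into one check, shown here as an added example that is not part of the original page or of any vendor tooling: it reviews HTTP access logs for requests to nas.cgi and alerts on any that come from outside the management network. The log format (Common Log Format from a proxy or firewall in front of the router), the trusted subnet, the request paths and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the only subnet allowed to reach the router's web interface.
TRUSTED_NETS = [ipaddress.ip_network("192.168.10.0/24")]

# Assumption: Common Log Format lines from a proxy/firewall in front of the router.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample data, not taken from a real device.
SAMPLE_LOG = """\
192.168.10.5 - admin [12/Jan/2025:09:14:02 +0000] "GET /cgi-bin/nas.cgi HTTP/1.1" 200 512
192.168.10.5 - admin [12/Jan/2025:09:14:40 +0000] "POST /cgi-bin/nas.cgi HTTP/1.1" 200 87
203.0.113.44 - - [12/Jan/2025:11:02:17 +0000] "POST /cgi-bin/nas.cgi HTTP/1.1" 200 87
203.0.113.44 - - [12/Jan/2025:11:02:19 +0000] "POST /cgi-bin/nas.cgi HTTP/1.1" 200 87
198.51.100.7 - - [12/Jan/2025:11:30:00 +0000] "GET /index.html HTTP/1.1" 200 1024
not a log line
"""

def is_trusted(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # hostnames or malformed addresses count as untrusted
    return any(ip in net for net in TRUSTED_NETS)

def review_nas_requests(log_text):
    """Return (alerts, post_counts) for requests whose path ends in /nas.cgi."""
    alerts, posts = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0]
        if not path.lower().endswith("/nas.cgi"):
            continue
        if m["method"] == "POST":
            posts[m["src"]] += 1  # configuration changes are sent as requests to nas.cgi
        if not is_trusted(m["src"]):
            alerts.append((m["ts"], m["src"], m["method"], m["status"]))
    return alerts, posts

if __name__ == "__main__":
    for alert in review_nas_requests(SAMPLE_LOG)[0]:
        print("ALERT", *alert)
```

Any alert means the management endpoint is reachable from outside the trusted subnet, which is itself a finding to fix at the firewall regardless of whether the request succeeded.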
Additional Information
If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.