CVERadar

CVE-2024-39784

High Severity
SVRS: 42/100
CVSSv3: 9.1/10
EPSS: 0.00082/1

CVE-2024-39784 affects Wavlink AC3000 routers, allowing arbitrary command execution. This command injection vulnerability exists due to insufficient input validation in the add_dir() function within nas.cgi. An authenticated attacker can exploit the vulnerable disk_part parameter via a crafted HTTP POST request. While the CVSS score is high (9.1), SOCRadar's Vulnerability Risk Score (SVRS) is 42. The router may become compromised. This flaw could allow attackers to gain control of the affected device, potentially leading to data theft or further network compromise. Mitigation steps should be applied to prevent exploitation.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
2025-01-14

2025-01-14
SOCRadar
AI Insight

Description

CVE-2024-39784, affecting the Wavlink AC3000 M33A8.V5030.210505 router, involves multiple command execution vulnerabilities in the nas.cgi add_dir() functionality. Specifically, a crafted HTTP request can lead to arbitrary command execution via the disk_part POST parameter, exploiting a command injection vulnerability (CWE-74). An authenticated attacker can leverage this vulnerability, making it a critical threat.

While the CVSS score is 9.1, indicating a high severity, the SOCRadar Vulnerability Risk Score (SVRS) is 42. This suggests that although the vulnerability is technically serious, it may not be actively exploited at this time, potentially due to the required authentication. However, the "In The Wild" tag indicates that attackers are actively exploiting this vulnerability.

Key Insights

  • Active Exploitation: The vulnerability is being actively exploited by attackers in the wild.
  • Command Execution: Successful exploitation grants attackers the ability to execute arbitrary commands on the affected device, giving them full control over the router.
  • Authentication Required: Although authentication is required, this does not negate the risk, as attackers may be able to gain access through known vulnerabilities or credential stuffing.
  • Wide Impact: This vulnerability affects all Wavlink AC3000 M33A8.V5030.210505 routers, potentially impacting a large number of users.

Mitigation Strategies

  • Update Firmware: Update the router's firmware immediately to the latest version, which includes the necessary security patches.
  • Change Default Credentials: Change the default router credentials, particularly the administrator password, to a strong and unique password.
  • Enable Firewall and Intrusion Detection System: Implement a firewall and intrusion detection system (IDS) on the router to monitor and block suspicious network traffic.
  • Disable Unnecessary Services: Disable or restrict access to unnecessary services on the router, reducing the attack surface.

Additional Information

It is important to note that this vulnerability is being actively exploited by attackers. Users should implement the recommended mitigation strategies immediately to protect their devices.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Slew of WavLink vulnerabilities
Kri Dontje, 2025-01-15
Lilith >_> of Cisco Talos discovered these vulnerabilities. Forty-four vulnerabilities and sixty-three CVEs were discovered across ten .cgi and three .sh files, as well as the static login page, of the Wavlink AC3000 wireless router web application. The Wavlink AC3000 wireless router is one of the
Source: feedburner.com
CVE-2024-39784 | Wavlink AC3000 M33A8.V5030.210505 nas.cgi add_dir disk_part injection (TALOS-2024-2058)
vuldb.com, 2025-01-14
A vulnerability was found in Wavlink AC3000 M33A8.V5030.210505. It has been declared as critical. Affected by this vulnerability is the function add_dir of the file nas.cgi. The manipulation of the argument disk_part leads to injection. This vulnerability is known as
Source: vuldb.com

Social Media

CVE-2024-39784 Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lea… https://t.co/x84QMfPQlR

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://talosintelligence.com/vulnerability_reports/TALOS-2024-2058
HTTPS://TALOSINTELLIGENCE.COM/VULNERABILITY_REPORTS/TALOS-2024-2058 | https://talosintelligence.com/vulnerability_reports/TALOS-2024-2058

CWE Details

CWE ID | CWE Name | Description
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
