CVE-2024-38666
CVSS 3.1 Score 9.1 of 10 (high)
Details
Summary
CVE-2024-38666 is a newly disclosed vulnerability affecting the openvpn.cgi openvpn_client_setup() functionality in Wavlink AC3000 M33A8.V5030.210505. This issue is classified as an external config control vulnerability, which means that a specially crafted HTTP request can manipulate the configuration, leading to arbitrary command execution. An attacker with access to the affected system can exploit this vulnerability by making an authenticated HTTP request, potentially granting them administrative privileges and control over the vulnerable device. This could result in unauthorized access, data theft, or other malicious activities. Users are advised to update their Wavlink AC3000 devices as soon as a patch becomes available to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.