CVE-2024-39602

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Jan 14, 2025
CWE ID 15

Summary

CVE-2024-39602 is a newly disclosed vulnerability affecting the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. This external configuration control weakness allows an authenticated attacker to execute arbitrary commands by crafting a malicious HTTP request. Successful exploitation of this vulnerability can result in significant unauthorized access and potential data breaches. Users are advised to apply the forthcoming patch as soon as it becomes available to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share