CVE-2024-39784

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Jan 14, 2025
CWE ID 74

Summary

CVE-2024-39784 is a newly disclosed vulnerability affecting the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. Multiple command execution vulnerabilities exist in this component, which can be triggered by a specially crafted HTTP request. An attacker, once authenticated, can exploit these vulnerabilities to execute arbitrary commands. Additionally, a command injection vulnerability has been identified in the disk_part POST parameter, further expanding the attack surface.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share