CVE-2024-39784
CVSS 3.1 Score 9.1 of 10 (high)
Details
Published Jan 14, 2025
CWE ID 74
Summary
CVE-2024-39784 is a newly disclosed vulnerability affecting the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. Multiple command execution vulnerabilities exist in this component, which can be triggered by a specially crafted HTTP request. An attacker, once authenticated, can exploit these vulnerabilities to execute arbitrary commands. Additionally, a command injection vulnerability has been identified in the disk_part POST parameter, further expanding the attack surface.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share