CVE-2024-39795

Summary

CVE-2024-39795 is a vulnerability affecting the Wavlink AC3000 M33A8's nas.cgi set_nas() function in the ProFTPD component. This issue involves multiple external configuration control vulnerabilities, where a specially crafted HTTP request can bypass permissions, potentially leading to unauthorized access. Additionally, a configuration injection vulnerability was discovered in the `ftp_max_sessions` POST parameter, which can be exploited by an authenticated attacker to manipulate the system configuration. These vulnerabilities pose a significant risk and require immediate patching to prevent potential unauthorized access or system compromise.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.