CVE-2024-39799

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Jan 14, 2025
CWE ID 15

Summary

CVE-2024-39799 is a vulnerability affecting the openvpn.cgi openvpn_server_setup() functionality in Wavlink AC3000 M33A8.V5030.210505. Multiple external configuration control vulnerabilities have been identified, allowing a specially crafted HTTP request to result in arbitrary command execution. This issue can be exploited by an authenticated attacker through the sel_open_interface POST parameter, which contains a configuration injection vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share