CVE-2024-39762: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in Wavlink Wavlink AC3000
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `netmask` POST parameter.
CVE-2024-39762: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in Wavlink Wavlink AC3000
Description
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `netmask` POST parameter.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- talos
- Date Reserved
- 2024-06-28T16:07:49.001Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 690929aafe7723195e0fd67e
Added to database: 11/3/2025, 10:16:10 PM
Last updated: 11/3/2025, 10:16:13 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2024-39787: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Wavlink Wavlink AC3000
CriticalCVE-2024-39786: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Wavlink Wavlink AC3000
CriticalCVE-2024-39785: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in Wavlink Wavlink AC3000
CriticalCVE-2024-39784: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in Wavlink Wavlink AC3000
CriticalCVE-2024-39783: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in Wavlink Wavlink AC3000
CriticalActions
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.