CVE-2024-39787 is a critical path traversal vulnerability (CWE-22) found in the Wavlink AC3000 router firmware version M33A8.V5030.210505. The flaw resides in the nas.cgi add_dir() functionality, where the disk_part POST parameter is improperly sanitized, allowing an authenticated user to perform directory traversal attacks. By sending specially crafted HTTP POST requests, an attacker can bypass intended permission restrictions and access or manipulate files outside the designated directories. This can lead to unauthorized disclosure of sensitive information, modification of critical files, or disruption of router operations. The vulnerability requires authentication but no user interaction beyond sending the malicious request. The CVSS 3.1 score of 9.1 reflects the network attack vector, low complexity, high privileges required, and the critical impact on confidentiality, integrity, and availability with scope change. Although no known exploits are currently in the wild, the severity and ease of exploitation by authenticated users make this a significant threat. The vulnerability affects a specific firmware version, so devices running this version or earlier are vulnerable. The lack of available patches at the time of publication increases the urgency for mitigation.

For European organizations, exploitation of this vulnerability could lead to severe consequences including unauthorized access to sensitive network data, disruption of network services, and potential pivoting to internal networks. Enterprises relying on Wavlink AC3000 routers in their infrastructure may face data breaches, operational downtime, and loss of trust. Critical sectors such as finance, healthcare, and government could be particularly impacted due to the sensitive nature of their data and services. The ability to bypass permissions and manipulate files could allow attackers to implant persistent malware or disrupt network configurations, leading to prolonged outages or data integrity issues. Given the router’s role as a network gateway, successful exploitation could also facilitate lateral movement within corporate networks, increasing the overall risk exposure.

1. Immediately restrict access to the router’s management interface to trusted internal networks and VPNs only, preventing exposure to untrusted networks. 2. Implement strong authentication mechanisms and monitor for unusual authenticated HTTP requests targeting nas.cgi endpoints. 3. Regularly audit and update router firmware; coordinate with Wavlink for official patches or advisories addressing CVE-2024-39787. 4. Employ network segmentation to limit the impact of a compromised router on critical systems. 5. Use intrusion detection/prevention systems (IDS/IPS) to detect anomalous directory traversal attempts or suspicious POST requests. 6. If firmware updates are unavailable, consider replacing vulnerable devices with models from vendors with timely security support. 7. Educate network administrators on the risks of directory traversal vulnerabilities and the importance of limiting authenticated access to management interfaces.