OS Command Injection in Wavlink AC3000 Router Products
CVE-2024-34166

Currently unrated

Key Information:

Vendor: Wavlink
Status: AC3000 Router
Vendor: CVE Published:; 14 January 2025

What is CVE-2024-34166?

An os command injection vulnerability has been identified in the touchlist_sync.cgi touchlistsync() functionality of the Wavlink AC3000 router. By crafting specific HTTP requests, an attacker can exploit this vulnerability to execute arbitrary code. This poses significant security risks, allowing unauthorized access and control over the affected devices.

References

https://talosintelligence.com/vulnerability_reports/TALOS...

https://www.talosintelligence.com/vulnerability_reports/T...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 14, 2025