Command Injection Flaw in Wavlink AC3000 Router's Wireless Configuration
CVE-2024-34544
Currently unrated
What is CVE-2024-34544?
A command injection vulnerability has been identified within the wireless.cgi script used in the AddMac() function of the Wavlink AC3000 M33A8 router. This flaw enables an attacker with authenticated access to send carefully crafted HTTP requests. Such requests can lead to arbitrary command execution on the device, potentially compromising its integrity and security. Users of affected versions should take immediate action to mitigate this risk.