Command Execution Vulnerability in Wavlink AC3000 Router
CVE-2024-36295
Currently unrated
What is CVE-2024-36295?
A command execution vulnerability has been identified in the qos.cgi qos_sta() functionality of the Wavlink AC3000 M33A8.V5030.210505 router. By sending a specially crafted HTTP request, an attacker can exploit this vulnerability to execute arbitrary commands on the device. Authentication is required for the HTTP request, highlighting the need for secure management practices. Users are urged to apply relevant patches and monitor their systems to mitigate potential risks.