OS Command Injection in Wavlink AC3000 Vulnerability
CVE-2024-37186

Currently unrated

Key Information:

Vendor: Wavlink
Status: AC3000 M33A8.V5030.210505
Vendor: CVE Published:; 14 January 2025

What is CVE-2024-37186?

An OS command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of the Wavlink AC3000 M33A8.V5030.210505. This vulnerability can be exploited through specially crafted HTTP requests, allowing an attacker with authentication to execute arbitrary code on the affected system, posing significant security risks.

References

https://talosintelligence.com/vulnerability_reports/TALOS...

https://www.talosintelligence.com/vulnerability_reports/T...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 14, 2025