External Configuration Control Vulnerability in Wavlink AC3000 Router
CVE-2024-39280
Currently unrated
What is CVE-2024-39280?
An external configuration control vulnerability has been identified in the nas.cgi set_smb_cfg() functionality of the Wavlink AC3000 M33A8 router. This security flaw allows an attacker, through specially crafted HTTP requests, to execute arbitrary commands on the device. Such an exploit necessitates that the attacker is authenticated to the system, enabling them to leverage this vulnerability to manipulate the router’s configuration and compromise its security.