OpenVPN Configuration Flaws in Wavlink AC3000 M33A8 Router
CVE-2024-39798
9.1CRITICAL
What is CVE-2024-39798?
Multiple external configuration control vulnerabilities have been identified in the OpenVPN setup functionality of the Wavlink AC3000 M33A8 router. These vulnerabilities can be exploited through a specially crafted HTTP request, potentially allowing unauthorized command execution. An attacker could leverage authenticated HTTP requests to trigger these vulnerabilities effectively. Specifically, a configuration injection vulnerability exists in the sel_open_protocol
POST parameter, which may lead to serious security implications if left unaddressed.
Affected Version(s)
Wavlink AC3000 M33A8.V5030.210505