External Configuration Control Vulnerabilities in Wavlink AC3000 M33A8
CVE-2024-39799
9.1CRITICAL
What is CVE-2024-39799?
Multiple external configuration control vulnerabilities exist within the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8. An attacker can exploit these vulnerabilities via a crafted HTTP request, resulting in arbitrary command execution. Additionally, there is a configuration injection vulnerability linked to the sel_open_interface POST parameter, potentially allowing unauthorized access and control over the device settings.
Affected Version(s)
Wavlink AC3000 M33A8.V5030.210505