ID

VAR-202501-1300


CVE

CVE-2024-39367


TITLE

Command injection vulnerability in WAVLINK WL-WN 533A8 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-027331

DESCRIPTION

An OS command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK WL-WN 533A8 firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. The vulnerability is caused by the firewall.cgi iptablesWebsFilterRun function failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution.

Trust: 2.16

sources: NVD: CVE-2024-39367 // JVNDB: JVNDB-2024-027331 // CNVD: CNVD-2025-02232

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-02232

AFFECTED PRODUCTS

vendor: wavlink, model: wl-wn533a8, scope: eq, version: m33a8.v5030.210505

Trust: 1.0

vendor: wavlink, model: wl-wn 533a8, scope: -, version: -

Trust: 0.8

vendor: wavlink, model: wl-wn 533a8, scope: eq, version: -

Trust: 0.8

vendor: wavlink, model: wl-wn 533a8, scope: eq, version: wl-wn 533a8 firmware m33a8.v5030.210505

Trust: 0.8

vendor: wavlink, model: ac3000 m33a8.v5030.210505, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-02232 // JVNDB: JVNDB-2024-027331 // NVD: CVE-2024-39367

CVSS

SEVERITY

CVSSV2

CVSSV3

talos-cna@cisco.com: CVE-2024-39367
value: CRITICAL

Trust: 1.0

nvd@nist.gov: CVE-2024-39367
value: HIGH

Trust: 1.0

NVD: CVE-2024-39367
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-02232
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-02232
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

talos-cna@cisco.com: CVE-2024-39367
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-39367
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-39367
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-02232 // JVNDB: JVNDB-2024-027331 // NVD: CVE-2024-39367 // NVD: CVE-2024-39367

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype: Command injection (CWE-77) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-027331 // NVD: CVE-2024-39367

PATCH

title: Patch for WAVLINK AC3000 firewall.cgi iptablesWebsFilterRun function command injection vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/652326

Trust: 0.6

sources: CNVD: CNVD-2025-02232

EXTERNAL IDS

db: NVD, id: CVE-2024-39367

Trust: 3.2

db: TALOS, id: TALOS-2024-2023

Trust: 1.8

db: JVNDB, id: JVNDB-2024-027331

Trust: 0.8

db: CNVD, id: CNVD-2025-02232

Trust: 0.6

sources: CNVD: CNVD-2025-02232 // JVNDB: JVNDB-2024-027331 // NVD: CVE-2024-39367

REFERENCES

url:https://talosintelligence.com/vulnerability_reports/talos-2024-2023

Trust: 1.8

url:https://www.talosintelligence.com/vulnerability_reports/talos-2024-2023

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-39367

Trust: 1.4

sources: CNVD: CNVD-2025-02232 // JVNDB: JVNDB-2024-027331 // NVD: CVE-2024-39367

SOURCES

db: CNVD, id: CNVD-2025-02232
db: JVNDB, id: JVNDB-2024-027331
db: NVD, id: CVE-2024-39367

LAST UPDATE DATE

2025-08-23T23:18:42.537000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-02232, date: 2025-01-23T00:00:00
db: JVNDB, id: JVNDB-2024-027331, date: 2025-08-22T06:02:00
db: NVD, id: CVE-2024-39367, date: 2025-08-21T17:46:32.570

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-02232, date: 2025-01-21T00:00:00
db: JVNDB, id: JVNDB-2024-027331, date: 2025-08-22T00:00:00
db: NVD, id: CVE-2024-39367, date: 2025-01-14T15:15:19.677