ID
VAR-202501-1366
CVE
CVE-2024-39785
TITLE
WAVLINK of WL-WN 533A8 Injection Vulnerability in Firmware
Trust: 0.8
DESCRIPTION
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the adddir_name POST parameter. WAVLINK of WL-WN 533A8 Firmware has an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. There is a command injection vulnerability in the WAVLINK AC3000 M33A8.V5030.210505 version. The vulnerability is caused by the adddir_name parameter of the nas.cgi add_dir function failing to properly filter special characters and commands in the constructed command
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | wavlink | model: | wl-wn533a8 | scope: | eq | version: | m33a8.v5030.210505 | Trust: 1.0 |
| vendor: | wavlink | model: | wl-wn 533a8 | scope: | eq | version: | wl-wn 533a8 firmware m33a8.v5030.210505 | Trust: 0.8 |
| vendor: | wavlink | model: | wl-wn 533a8 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | wavlink | model: | wl-wn 533a8 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | wavlink | model: | ac3000 m33a8.v5030.210505 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-74 | Trust: 1.0 |
| problemtype: | injection (CWE-74) [ others ] | Trust: 0.8 |
PATCH
| title: | Patch for WAVLINK AC3000 nas.cgi add_dir function adddir_name parameter command injection vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/652461 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-39785 | Trust: 3.2 |
| db: | TALOS | id: | TALOS-2024-2058 | Trust: 1.8 |
| db: | JVNDB | id: | JVNDB-2024-027416 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-02157 | Trust: 0.6 |
REFERENCES
| url: | https://talosintelligence.com/vulnerability_reports/talos-2024-2058 | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2024-39785 | Trust: 1.4 |
SOURCES
| db: | CNVD | id: | CNVD-2025-02157 |
| db: | JVNDB | id: | JVNDB-2024-027416 |
| db: | NVD | id: | CVE-2024-39785 |
LAST UPDATE DATE
2025-08-26T23:11:52.787000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-02157 | date: | 2025-01-22T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-027416 | date: | 2025-08-25T05:53:00 |
| db: | NVD | id: | CVE-2024-39785 | date: | 2025-08-22T14:02:58.147 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-02157 | date: | 2025-01-21T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-027416 | date: | 2025-08-25T00:00:00 |
| db: | NVD | id: | CVE-2024-39785 | date: | 2025-01-14T15:15:23.597 |