CVE-2024-37186

An os command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:wavlink:wl-wn533a8_firmware:m33a8.v5030.210505:*:*:*:*:*:*:*
cpe:2.3:h:wavlink:wl-wn533a8:-:*:*:*:*:*:*:*

History

21 Aug 2025, 20:38

Type Values Removed Values Added
First Time Wavlink wl-wn533a8 Firmware
Wavlink wl-wn533a8
Wavlink
CPE cpe:2.3:h:wavlink:wl-wn533a8:-:*:*:*:*:*:*:*
cpe:2.3:o:wavlink:wl-wn533a8_firmware:m33a8.v5030.210505:*:*:*:*:*:*:*
Summary
  • (es) Existe una vulnerabilidad de inyección de comandos del sistema operativo en la función set_ledonoff() de adm.cgi de Wavlink AC3000 M33A8.V5030.210505. Una solicitud HTTP manipulada especialmente puede provocar la ejecución de código arbitrario. Un atacante puede realizar una solicitud HTTP autenticada para activar esta vulnerabilidad.
References () https://talosintelligence.com/vulnerability_reports/TALOS-2024-2032 - () https://talosintelligence.com/vulnerability_reports/TALOS-2024-2032 - Exploit, Third Party Advisory
References () https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2032 - () https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2032 - Exploit, Third Party Advisory

14 Jan 2025, 16:15

Type Values Removed Values Added
References
  • () https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2032 -

14 Jan 2025, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-01-14 15:15

Updated : 2025-08-21 20:38


NVD link : CVE-2024-37186

Mitre link : CVE-2024-37186

CVE.ORG link : CVE-2024-37186


JSON object : View

Products Affected

wavlink

  • wl-wn533a8
  • wl-wn533a8_firmware
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')