Cyber Posture

CVE-2024-39363

Critical | Public PoC

Published: 14 January 2025
Modified: 25 August 2025
CVSS Score: 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.1065 (93.4th percentile)
Risk Priority: 26 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-39363 is a critical-severity Basic XSS (CWE-80) vulnerability in Wavlink Wl-Wn533A8 Firmware. Its CVSS base score is 9.6 (Critical).

Operationally, it ranks in the top 6.6% of CVEs by exploit likelihood (EPSS 93.4th percentile); it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent: SI-10 Information Input Validation directly prevents XSS by validating and sanitizing the CountryCode parameter in login.cgi to block malicious script injection.

prevent: SI-15 Information Output Filtering encodes or escapes reflected content from set_lang_CountryCode() to prevent execution of injected scripts in user browsers.

prevent / recover: SI-2 Flaw Remediation identifies and patches the specific XSS vulnerability in Wavlink AC3000 firmware to eliminate the root cause.
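The two preventive controls above (SI-10 input validation, SI-15 output encoding) are easiest to see side by side. The following Python sketch is an added example, not code from this page, from Wavlink's firmware or from the Talos report: it models a login handler that reflects a CountryCode parameter into the page, first in the unsafe form the CWE-80 classification describes, then in a hardened form that bounds the value to an allowlist and HTML-encodes it on output. The handler shape, the HTML template, the allowlist contents and the sample requests are all constructed assumptions for illustration.

```python
"""Added example: allowlist validation (SI-10) plus output encoding (SI-15)
for a reflected CountryCode parameter. Not code from the page or the vendor;
handler layout, template and allowlist are assumptions for illustration."""
import html
import re
from urllib.parse import parse_qs

# Constructed allowlist of region codes the login UI is assumed to support.
ALLOWED_COUNTRY_CODES = frozenset({"US", "GB", "DE", "FR", "JP", "CN"})
DEFAULT_COUNTRY_CODE = "US"

# Assumed page fragment: the reflected value lands in an attribute context
# and a text context, so both would carry injected markup if left unencoded.
TEMPLATE = (
    '<html><body><form action="login.cgi" method="post">'
    '<input type="hidden" name="CountryCode" value="{code}">'
    "<p>Language region: {code}</p></form></body></html>"
)


def vulnerable_set_lang_country_code(query_string: str) -> str:
    """Reflects the raw parameter straight into the page (the CWE-80 pattern)."""
    params = parse_qs(query_string, keep_blank_values=True)
    code = params.get("CountryCode", [DEFAULT_COUNTRY_CODE])[0]
    return TEMPLATE.format(code=code)


def validate_country_code(raw: str) -> str:
    """SI-10: accept only a two-letter code from the allowlist, else the default.

    The regex check makes the accepted shape explicit; the allowlist bounds
    the actual values, so nothing outside the expected set is ever reflected.
    """
    candidate = raw.strip().upper()
    if re.fullmatch(r"[A-Z]{2}", candidate) and candidate in ALLOWED_COUNTRY_CODES:
        return candidate
    return DEFAULT_COUNTRY_CODE


def hardened_set_lang_country_code(query_string: str) -> str:
    """SI-10 validation on input, then SI-15 encoding on output."""
    params = parse_qs(query_string, keep_blank_values=True)
    raw = params.get("CountryCode", [DEFAULT_COUNTRY_CODE])[0]
    code = validate_country_code(raw)
    # Encode even though the allowlist already bounds the value: output
    # encoding is the layer that keeps a future allowlist change from
    # silently reintroducing the reflection bug.
    return TEMPLATE.format(code=html.escape(code, quote=True))


if __name__ == "__main__":
    # Constructed sample requests: one benign, one carrying markup.
    benign = "CountryCode=de"
    hostile = 'CountryCode="><b>x</b>'
    print(vulnerable_set_lang_country_code(hostile))
    print(hardened_set_lang_country_code(benign))
    print(hardened_set_lang_country_code(hostile))
```

Running the script prints the unsafe rendering with the injected markup present twice (attribute and text context), then the hardened renderings, where the hostile request collapses to the default region code. The order matters in practice: validation alone leaves the page one allowlist edit away from regression, and encoding alone still lets arbitrary strings reach the template, so the hardened handler applies both.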

NVD Description

A cross-site scripting (XSS) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Deeper analysis [AI]

CVE-2024-39363 is a cross-site scripting (XSS) vulnerability in the login.cgi set_lang_CountryCode() functionality of the Wavlink AC3000 router running firmware version M33A8.V5030.210505. The flaw allows a specially crafted HTTP request to trigger the issue, resulting in the disclosure of sensitive information. It is rated with a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) and is associated with CWE-80.

An unauthenticated attacker can exploit this vulnerability remotely over the network by sending a malicious HTTP request, though exploitation requires user interaction (UI:R), such as a victim clicking a crafted link or visiting a malicious site. Successful exploitation leads to the disclosure of sensitive information, with potential high impact on confidentiality, integrity, and availability because the scope is changed (S:C).

Talos Intelligence has published a detailed vulnerability report on this issue, TALOS-2024-2017, at https://talosintelligence.com/vulnerability_reports/TALOS-2024-2017 (also reachable at https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2017), which security practitioners should consult for additional technical details and recommended mitigations.

Details

CWE(s): CWE-80 (Basic XSS)

Affected Products

Vendor: wavlink
Product: wl-wn533a8 firmware
Version: m33a8.v5030.210505

CVEs Like This One

CVE-2024-39358 (same product: Wavlink Wl-Wn533A8)
CVE-2024-39802 (same product: Wavlink Wl-Wn533A8)
CVE-2024-39794 (same product: Wavlink Wl-Wn533A8)
CVE-2024-37184 (same product: Wavlink Wl-Wn533A8)
CVE-2024-39294 (same product: Wavlink Wl-Wn533A8)
CVE-2024-39357 (same product: Wavlink Wl-Wn533A8)
CVE-2024-39754 (same product: Wavlink Wl-Wn533A8)
CVE-2024-39801 (same product: Wavlink Wl-Wn533A8)
CVE-2024-34166 (same product: Wavlink Wl-Wn533A8)
CVE-2024-39299 (same product: Wavlink Wl-Wn533A8)
