CVE-2024-39604

CriticalPublic PoC

Published: 14 January 2025

Published

14 January 2025

Modified

21 August 2025

KEV Added

—

Patch

—

CVSS Score 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0075 73.2th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-39604 is a critical-severity Injection (CWE-74) vulnerability in Wavlink Wl-Wn533A8 Firmware. Its CVSS base score is 9.0 (Critical).

Operationally, ranked in the top 26.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-8 (Transmission Confidentiality and Integrity) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Validates and sanitizes HTTP inputs to the update_filter_url.sh script, directly preventing command injection from specially crafted requests.

SC-8 Transmission Confidentiality and Integrity good match

prevent

Enforces transmission confidentiality and integrity to block man-in-the-middle attacks required to deliver the malicious HTTP request.

SI-2 Flaw Remediation good match

prevent

Promptly remediates the specific injection flaw in the router firmware via patching as advised in the Talos report.

NVD Description

A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

Deeper analysisAI

CVE-2024-39604 is a command execution vulnerability in the update_filter_url.sh functionality of the Wavlink AC3000 router running firmware version M33A8.V5030.210505. The flaw allows a specially crafted HTTP request to trigger arbitrary command execution on the device. It has been assigned a CVSS v3.1 base score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) and is associated with CWE-74, indicating an injection-related issue.

The vulnerability can be exploited by a remote attacker performing a man-in-the-middle (MitM) attack, which aligns with the high attack complexity (AC:H) in its CVSS vector. No user privileges or interaction are required (PR:N/UI:N), and successful exploitation grants high-impact scope (S:C) with full confidentiality, integrity, and availability compromise (C:H/I:H/A:H), enabling arbitrary command execution on the targeted router.

Details on mitigation, including any patches or workarounds, are available in the Cisco Talos Intelligence advisory TALOS-2024-2038, accessible at https://talosintelligence.com/vulnerability_reports/TALOS-2024-2038. The vulnerability was published on 2025-01-14.

Details

CWE(s): CWE-74

Affected Products

wavlink

wl-wn533a8 firmware

m33a8.v5030.210505

CVEs Like This One

CVE-2024-39784Same product: Wavlink Wl-Wn533A8

CVE-2024-36295Same product: Wavlink Wl-Wn533A8

CVE-2024-21797Same product: Wavlink Wl-Wn533A8

CVE-2024-34544Same product: Wavlink Wl-Wn533A8

CVE-2024-39785Same product: Wavlink Wl-Wn533A8

CVE-2024-36290Same product: Wavlink Wl-Wn533A8

CVE-2024-39781Same product: Wavlink Wl-Wn533A8

CVE-2024-39795Same product: Wavlink Wl-Wn533A8

CVE-2024-39798Same product: Wavlink Wl-Wn533A8

CVE-2024-36493Same product: Wavlink Wl-Wn533A8

References

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2038
Exploit, Third Party Advisory · talos-cna@cisco.com
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2038
Exploit, Third Party Advisory · af854a3a-2127-422b-91ae-364da2661108