CVE-2024-39754

CriticalPublic PoC

Published: 14 January 2025

Published

14 January 2025

Modified

21 August 2025

KEV Added

—

Patch

—

CVSS Score 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0025 48.6th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-39754 is a critical-severity Hidden Functionality (CWE-912) vulnerability in Wavlink Wl-Wn533A8 Firmware. Its CVSS base score is 10.0 (Critical).

Operationally, ranked at the 48.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the CVE by requiring timely identification, reporting, and remediation of the static login vulnerability in the router firmware.

SC-7 Boundary Protection good match

prevent

Monitors and controls communications at network boundaries to block unauthenticated crafted packets from reaching the vulnerable wctrls functionality.

SI-10 Information Input Validation good match

prevent

Validates information inputs from network packets to prevent specially crafted data from exploiting the static login mechanism and granting root access.

NVD Description

A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. An attacker can send packets to trigger this vulnerability.

Deeper analysisAI

CVE-2024-39754 is a static login vulnerability in the wctrls functionality of the Wavlink AC3000 router running firmware version M33A8.V5030.210505. The issue allows a specially crafted set of network packets to lead to root access on the affected device. It is classified under CWE-912 and was published on 2025-01-14 with a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), marking it as critical.

An unauthenticated attacker with network access can exploit this vulnerability by sending specially crafted packets to the device. Successful exploitation grants root-level privileges, enabling high-impact compromise of confidentiality, integrity, and availability without requiring privileges, user interaction, or high complexity.

Further technical details are provided in the Talos Intelligence vulnerability report at https://talosintelligence.com/vulnerability_reports/TALOS-2024-2034.

Details

CWE(s): CWE-912

Affected Products

wavlink

wl-wn533a8 firmware

m33a8.v5030.210505

CVEs Like This One

CVE-2024-39358Same product: Wavlink Wl-Wn533A8

CVE-2024-39802Same product: Wavlink Wl-Wn533A8

CVE-2024-39794Same product: Wavlink Wl-Wn533A8

CVE-2024-37184Same product: Wavlink Wl-Wn533A8

CVE-2024-39294Same product: Wavlink Wl-Wn533A8

CVE-2024-39357Same product: Wavlink Wl-Wn533A8

CVE-2024-39801Same product: Wavlink Wl-Wn533A8

CVE-2024-34166Same product: Wavlink Wl-Wn533A8

CVE-2024-39299Same product: Wavlink Wl-Wn533A8

CVE-2024-39756Same product: Wavlink Wl-Wn533A8

References

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2034
Exploit, Third Party Advisory · talos-cna@cisco.com
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2034
Exploit, Third Party Advisory · af854a3a-2127-422b-91ae-364da2661108