CVE-2024-39783
Published: 14 January 2025
Summary
CVE-2024-39783 is a critical-severity Command Injection (CWE-77) vulnerability in Wavlink Wl-Wn533A8 Firmware. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 30.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-39783 is a set of multiple OS command injection vulnerabilities in the adm.cgi sch_reboot() functionality of the Wavlink AC3000 router running firmware version M33A8.V5030.210505. A specifically crafted HTTP request targeting the restart_week POST parameter allows arbitrary code execution. The vulnerability is classified under CWE-77 with a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact network-based exploitation.
An authenticated attacker with high privileges (PR:H) can exploit this vulnerability by sending a malicious HTTP request to the affected device over the network. Successful exploitation grants arbitrary code execution with elevated scope (S:C), enabling full compromise of confidentiality, integrity, and availability (C:H/I:H/A:H) on the targeted router.
The primary advisory from Talos Intelligence (TALOS-2024-2033) documents these issues in detail, available at https://talosintelligence.com/vulnerability_reports/TALOS-2024-2033. Practitioners should consult this report for recommended mitigations, such as firmware updates if available or restricting administrative access.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-38362
Vulnerability details
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command…
more
injection vulnerability exists in the `restart_week` POST parameter.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in public web admin interface directly enables T1190 exploitation for RCE and facilitates T1059.004 Unix shell command execution on the router.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the OS command injection vulnerability in adm.cgi sch_reboot() via timely firmware updates as recommended in TALOS-2024-2033.
Validates the restart_week POST parameter to block malicious input leading to arbitrary OS command execution.
Enforces least privilege on administrative accounts to limit the scope and impact of code execution from high-privilege (PR:H) exploitation.