Cyber Resilience

CVE-2024-39789

CriticalPublic PoC

Published: 14 January 2025

Published
14 January 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0006 20.0th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-39789 is a critical-severity External Control of System or Configuration Setting (CWE-15) vulnerability in Wavlink Wl-Wn533A8 Firmware. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-5 (Access Restrictions for Change).

Deeper analysis

CVE-2024-39789 involves multiple external control of configuration vulnerabilities in the nas.cgi set_ftp_cfg() functionality of the Wavlink AC3000 router running firmware version M33A8.V5030.210505. These flaws, classified under CWE-15, enable permission bypass through a specially crafted HTTP request, with a specific configuration injection vulnerability in the ftp_port POST parameter. The issue carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to high impacts on confidentiality, integrity, and availability with a changed scope.

An attacker with high privileges (PR:H) can exploit this by sending an authenticated HTTP request to the vulnerable nas.cgi endpoint. This triggers the permission bypass and configuration injection, potentially allowing arbitrary modifications to system configurations, such as FTP settings, which could lead to unauthorized access, data exposure, service disruption, or further compromise of the device.

Mitigation details are outlined in the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2024-2056, which reported the vulnerabilities on 2025-01-14. Security practitioners should consult this reference for patch availability, workaround guidance, or firmware update recommendations specific to the affected Wavlink AC3000 devices.

EU & UK References

Vulnerability details

Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability…

more

exists within the `ftp_port` POST parameter.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct exploitation of a web CGI configuration injection flaw (nas.cgi) on a network device's public-facing interface, enabling authenticated config modification and permission bypass.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-39793Same product: Wavlink Wl-Wn533A8
CVE-2024-39799Same product: Wavlink Wl-Wn533A8
CVE-2024-39788Same product: Wavlink Wl-Wn533A8
CVE-2024-39790Same product: Wavlink Wl-Wn533A8
CVE-2024-39794Same product: Wavlink Wl-Wn533A8
CVE-2024-39795Same product: Wavlink Wl-Wn533A8
CVE-2024-39602Same product: Wavlink Wl-Wn533A8
CVE-2024-38666Same product: Wavlink Wl-Wn533A8
CVE-2024-39280Same product: Wavlink Wl-Wn533A8
CVE-2024-39800Same product: Wavlink Wl-Wn533A8

Affected Assets

wavlink
wl-wn533a8 firmware
m33a8.v5030.210505

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates configuration injection vulnerability by validating inputs like the ftp_port POST parameter to prevent external control of system configurations.

prevent

Enforces approved authorizations to counter the permission bypass in the nas.cgi set_ftp_cfg() functionality exploited via crafted HTTP requests.

prevent

Restricts and authorizes access to configuration changes, preventing unauthorized modifications to FTP settings even by high-privilege users exploiting the vulnerability.

References