CVE-2024-39794

CriticalPublic PoC

Published: 14 January 2025

Published

14 January 2025

Modified

03 November 2025

KEV Added

—

Patch

—

CVSS Score 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0005 14.4th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-39794 is a critical-severity External Control of System or Configuration Setting (CWE-15) vulnerability in Wavlink Wl-Wn533A8 Firmware. Its CVSS base score is 9.1 (Critical).

Operationally, ranked at the 14.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match

prevent

Enforces approved authorizations for logical access to nas.cgi set_nas() proftpd functionality, directly preventing permission bypass via crafted HTTP requests.

SI-10 Information Input Validation good match

prevent

Validates information inputs like the ftp_port POST parameter to block configuration injection and external control of file name or path (CWE-15).

CM-6 Configuration Settings partial match

prevent

Establishes and maintains secure baseline configuration settings for router components like nas.cgi and proftpd to mitigate external configuration control vulnerabilities.

NVD Description

Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection…

vulnerability exists in the `ftp_port` POST parameter.

Deeper analysisAI

CVE-2024-39794 involves multiple external configuration control vulnerabilities in the nas.cgi set_nas() proftpd functionality of the Wavlink AC3000 router running firmware version M33A8.V5030.210505. These flaws enable a permission bypass through a specially crafted HTTP request and include a configuration injection vulnerability in the `ftp_port` POST parameter. Published on January 14, 2025, the vulnerability is rated with a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) and is associated with CWE-15 (External Control of File Name or Path).

Exploitation requires an authenticated attacker with high privileges (PR:H) to send a specially crafted HTTP request over the network (AV:N). The low attack complexity (AC:L) and lack of user interaction (UI:N) allow the attacker to bypass permissions and inject configurations, resulting in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H), compounded by a change in scope (S:C).

Details on the vulnerabilities, including potential mitigations, are provided in the Talos Intelligence advisory TALOS-2024-2053, accessible at https://talosintelligence.com/vulnerability_reports/TALOS-2024-2053.

Details

CWE(s): CWE-15

Affected Products

wavlink

wl-wn533a8 firmware

m33a8.v5030.210505

CVEs Like This One

CVE-2024-39800Same product: Wavlink Wl-Wn533A8

CVE-2024-39602Same product: Wavlink Wl-Wn533A8

CVE-2024-39280Same product: Wavlink Wl-Wn533A8

CVE-2024-39795Same product: Wavlink Wl-Wn533A8

CVE-2024-39798Same product: Wavlink Wl-Wn533A8

CVE-2024-38666Same product: Wavlink Wl-Wn533A8

CVE-2024-39788Same product: Wavlink Wl-Wn533A8

CVE-2024-39789Same product: Wavlink Wl-Wn533A8

CVE-2024-39799Same product: Wavlink Wl-Wn533A8

CVE-2024-39793Same product: Wavlink Wl-Wn533A8

References

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2053
Exploit, Third Party Advisory · talos-cna@cisco.com
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2053
af854a3a-2127-422b-91ae-364da2661108