CVE-2024-39798
Published: 14 January 2025
Summary
CVE-2024-39798 is a critical-severity External Control of System or Configuration Setting (CWE-15) vulnerability in Wavlink Wl-Wn533A8 Firmware. Its CVSS base score is 9.1 (Critical).
Operationally, it ranks in the top 42.3% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly prevents configuration injection vulnerabilities by validating and sanitizing inputs like the sel_open_protocol POST parameter to block arbitrary command execution.
Ensures timely remediation of the specific flaw in openvpn.cgi openvpn_server_setup() through vendor patching, eliminating the vulnerability.
Enforces secure baseline configuration settings for OpenVPN components to restrict unsafe configurations that could be exploited via external inputs.
NVD Description
Multiple external config control vulnerabilities exist in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A configuration injection vulnerability exists in the `sel_open_protocol` POST parameter.
Deeper analysis
CVE-2024-39798 involves multiple external config control vulnerabilities in the openvpn.cgi openvpn_server_setup() functionality of the Wavlink AC3000 router running firmware version M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution, including a configuration injection vulnerability in the `sel_open_protocol` POST parameter. The vulnerability is classified under CWE-15 and carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
An attacker with high privileges can exploit these vulnerabilities by sending an authenticated HTTP request to the affected component. Successful exploitation results in arbitrary command execution on the device, potentially allowing full compromise given the high impacts on confidentiality, integrity, and availability, along with a change in scope.
Mitigation details are available in the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2024-2050.
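The SI-10 control named above, applied to the `sel_open_protocol` value, as an added sketch that is not Wavlink's firmware code or taken from the Talos advisory. The function names are hypothetical, and it assumes the setting only ever needs the values `udp` and `tcp` for OpenVPN's `proto` directive.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: the only transports the setup form needs to offer. */
static const char *const ALLOWED_PROTO[] = { "udp", "tcp" };

/* Return the canonical allowlisted string, or NULL when the submitted value
 * is not an exact match. Exact comparison rejects embedded CR/LF, spaces and
 * trailing data in one step. */
const char *validate_proto(const char *submitted)
{
    if (submitted == NULL)
        return NULL;
    for (size_t i = 0; i < sizeof ALLOWED_PROTO / sizeof ALLOWED_PROTO[0]; i++)
        if (strcmp(submitted, ALLOWED_PROTO[i]) == 0)
            return ALLOWED_PROTO[i];
    return NULL;
}

/* Write "proto <value>\n" into out. Only the allowlisted constant is ever
 * formatted, never the request bytes. Returns 0 on success, -1 on reject. */
int render_proto_line(const char *submitted, char *out, size_t outlen)
{
    const char *proto = validate_proto(submitted);
    if (proto == NULL)
        return -1;
    int n = snprintf(out, outlen, "proto %s\n", proto);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Count newline-terminated lines, to show how many config lines a value
 * would occupy if it were copied into the file verbatim. */
int count_lines(const char *s)
{
    int lines = 0;
    for (; *s != '\0'; s++)
        if (*s == '\n')
            lines++;
    return lines;
}

int main(void)
{
    /* Constructed inputs; "extra-directive" is a placeholder, not a real option. */
    const char *samples[] = { "udp", "tcp", "UDP", "udp\nextra-directive value" };
    char line[32];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("input %zu: %s\n", i,
               render_proto_line(samples[i], line, sizeof line) == 0 ? "accepted" : "rejected");
    return 0;
}
```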
Details
- CWE(s)