Cyber Resilience

CVE-2024-39800

CriticalPublic PoC

Published: 14 January 2025

Published
14 January 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0048 65.5th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-39800 is a critical-severity External Control of System or Configuration Setting (CWE-15) vulnerability in Wavlink Wl-Wn533A8 Firmware. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 34.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-39800 consists of multiple external control of configuration vulnerabilities (CWE-15) in the openvpn.cgi openvpn_server_setup() functionality of the Wavlink AC3000 router running firmware version M33A8.V5030.210505, along with a configuration injection vulnerability in the `open_port` POST parameter. These flaws allow a specially crafted HTTP request to lead to arbitrary command execution. The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, high privilege requirements, expanded scope, and high impact on confidentiality, integrity, and availability.

An authenticated attacker with high privileges can exploit these vulnerabilities by sending a specially crafted HTTP request to the affected openvpn.cgi endpoint. Successful exploitation enables arbitrary command execution on the device, potentially allowing full compromise of the router, including data exfiltration, further network pivoting, or persistent access.

The primary advisory from Talos Intelligence (TALOS-2024-2050) documents these issues; practitioners should consult it for detailed technical analysis and any recommended mitigations or patches, as no specific remediation details are provided in the CVE description.

EU & UK References

Vulnerability details

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection…

more

vulnerability exists in the `open_port` POST parameter.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Direct RCE via network-accessible CGI endpoint (T1190) enabling Unix shell command execution (T1059.004) on the router.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-38666Same product: Wavlink Wl-Wn533A8
CVE-2024-39280Same product: Wavlink Wl-Wn533A8
CVE-2024-39793Same product: Wavlink Wl-Wn533A8
CVE-2024-39799Same product: Wavlink Wl-Wn533A8
CVE-2024-39788Same product: Wavlink Wl-Wn533A8
CVE-2024-39790Same product: Wavlink Wl-Wn533A8
CVE-2024-39794Same product: Wavlink Wl-Wn533A8
CVE-2024-39789Same product: Wavlink Wl-Wn533A8
CVE-2024-39795Same product: Wavlink Wl-Wn533A8
CVE-2024-39602Same product: Wavlink Wl-Wn533A8

Affected Assets

wavlink
wl-wn533a8 firmware
m33a8.v5030.210505

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents configuration injection and arbitrary command execution by validating and sanitizing specially crafted HTTP POST parameters like `open_port` in openvpn.cgi.

prevent

Remediates the specific flaws in openvpn_server_setup() functionality through timely identification, reporting, and correction via firmware patches.

prevent

Mitigates exploitation by configuring the router to least functionality, such as prohibiting unnecessary OpenVPN CGI endpoints vulnerable to external config control.

References