CVE-2024-39800
Published: 14 January 2025
Summary
CVE-2024-39800 is a critical-severity External Control of System or Configuration Setting (CWE-15) vulnerability in Wavlink Wl-Wn533A8 Firmware. Its CVSS base score is 9.1 (Critical).
Operationally, ranked in the top 42.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents configuration injection and arbitrary command execution by validating and sanitizing specially crafted HTTP POST parameters like `open_port` in openvpn.cgi.
Remediates the specific flaws in openvpn_server_setup() functionality through timely identification, reporting, and correction via firmware patches.
Mitigates exploitation by configuring the router to least functionality, such as prohibiting unnecessary OpenVPN CGI endpoints vulnerable to external config control.
NVD Description
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection…
more
vulnerability exists in the `open_port` POST parameter.
Deeper analysisAI
CVE-2024-39800 consists of multiple external control of configuration vulnerabilities (CWE-15) in the openvpn.cgi openvpn_server_setup() functionality of the Wavlink AC3000 router running firmware version M33A8.V5030.210505, along with a configuration injection vulnerability in the `open_port` POST parameter. These flaws allow a specially crafted HTTP request to lead to arbitrary command execution. The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, high privilege requirements, expanded scope, and high impact on confidentiality, integrity, and availability.
An authenticated attacker with high privileges can exploit these vulnerabilities by sending a specially crafted HTTP request to the affected openvpn.cgi endpoint. Successful exploitation enables arbitrary command execution on the device, potentially allowing full compromise of the router, including data exfiltration, further network pivoting, or persistent access.
The primary advisory from Talos Intelligence (TALOS-2024-2050) documents these issues; practitioners should consult it for detailed technical analysis and any recommended mitigations or patches, as no specific remediation details are provided in the CVE description.
Details
- CWE(s)