Cyber Resilience

CVE-2024-48705

MediumPublic PoC

Published: 02 September 2025

Published
02 September 2025
Modified
04 September 2025
KEV Added
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score 0.0908 92.8th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-48705 is a medium-severity Command Injection (CWE-77) vulnerability in Wavlink Wl-Wn531P3 Firmware. Its CVSS base score is 6.5 (Medium).

Operationally, ranked in the top 7.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

Wavlink AC1200 wireless routers running firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 contain a post-authentication command injection vulnerability in the set_sys_adm function of the adm.cgi binary. The flaw stems from insufficient sanitization of the user-supplied newpass parameter during password reset operations and is tracked as CWE-77.

An attacker who has already obtained valid administrative credentials can supply a crafted newpass value that results in arbitrary command execution on the device. Successful exploitation yields limited impacts to confidentiality and integrity without affecting availability, consistent with the reported CVSS 6.5 score.

The vendor site at wavlink.com and the public disclosure at github.com/L41KAA/CVE-2024-48705 do not detail official patches or configuration workarounds.

EPSS for the CVE rose from low values at disclosure to a peak of 0.1593 on 2025-12-11 before receding to the current 0.0908, indicating emerging exploitation interest several months after publication.

EU & UK References

Vulnerability details

Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "set_sys_adm" function of the "adm.cgi" binary, and is due to improper santization of the…

more

user provided "newpass" field

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

wavlink
wl-wn531p3 firmware
m32a3_v1410_230602, m32a3_v1410_240222

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References