How severe is CVE-2024-39789?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2024-39789?

This is classified as CWE-15, which is a common weakness in software security.

CVE-2024-39789 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_port` POST parameter.

Related Vulnerabilities

CVE-2021-38453

CRITICAL

CVSS:9.1(Critical)

Some API functions allow interaction with the registry, which includes reading values as well as data modification.

CWE-152021

CVE-2024-38666

CRITICAL

CVSS:9.1(Critical)

An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary com...

CWE-152024

CVE-2024-39280

CRITICAL

CVSS:9.1(Critical)

An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command executio...

CWE-152024

CVE-2024-39602

CRITICAL

CVSS:9.1(Critical)

An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. A...

CWE-152024

CVE-2024-39788

CRITICAL

CVSS:9.1(Critical)

CWE-152024

CVE-2024-39790

CRITICAL

CVSS:9.1(Critical)

CWE-152024