CVE-2024-39754

Exploit

EPSS 0.27%
Veröffentlicht 14.01.2025 15:15:20
Zuletzt bearbeitet 21.08.2025 20:38:12
Quelle talos-cna@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. An attacker can send packets to trigger this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wavlink ≫ Wl-wn533a8 Firmware Versionm33a8.v5030.210505

Wavlink ≫ Wl-wn533a8 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.505

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
talos-cna@cisco.com	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-912 Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2034

Third Party Advisory

Exploit

https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2034

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-39754

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-39754

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-39754

EUVD