CVE-2024-37186

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505

Description: An operating system command injection vulnerability exists in the set ledonoff() function of the adm.cgi component. A specially crafted HTTP request can lead to arbitrary code execution. An authenticated HTTP request from an attacker can trigger this vulnerability.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.