CVE-2024-39273

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505

Description: A firmware update issue exists in the fw check.sh functionality. This allows an attacker to perform a man-in-the-middle attack using a specially crafted HTTP request, potentially leading to arbitrary firmware updates.

Recommendations: For Wavlink AC3000 version M33A8.V5030.210505, as a temporary workaround, consider restricting access to the fw check.sh functionality until a patch is available. Avoid using the vulnerable functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.