CVE-2024-39367

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505

Description: A command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality. This allows an attacker to execute arbitrary code by making a specially crafted HTTP request to the /api endpoint is not specified, but the request must be authenticated.

Recommendations: For version M33A8.V5030.210505, as a temporary workaround, consider disabling the iptablesWebsFilterRun() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.