CVE-2024-39604

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505

Description: A command execution issue exists in the update filter url.sh functionality. This allows an attacker to execute arbitrary commands using a specially crafted HTTP request. An attacker can perform a man-in-the-middle attack to trigger this issue.

Recommendations: For Wavlink AC3000 version M33A8.V5030.210505, consider disabling the update filter url.sh functionality until a patch is available to prevent potential command execution. Restrict access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.