CVE-2024-39608

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505

Description: A firmware update issue exists in the login.cgi functionality. This allows an attacker to send a specially crafted HTTP request to trigger an arbitrary firmware update. The vulnerability can be exploited by sending an unauthenticated message.

Recommendations: For version M33A8.V5030.210505, as a temporary workaround, consider restricting access to the login.cgi functionality until a patch is available. Avoid using the login.cgi function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.