CVE-2024-39754

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505

Description: A static login vulnerability exists in the wctrls functionality. A specially crafted set of network packets can lead to root access. An attacker can send packets to trigger this vulnerability.

Recommendations: For version M33A8.V5030.210505, consider disabling the wctrls functionality until a patch is available. Restrict access to the network to minimize the risk of exploitation. Avoid using the vulnerable function to prevent potential attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.