CVE-2024-39764

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505

Description: Multiple OS command injection vulnerabilities exist in the set add routing() functionality of the internet.cgi script. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can trigger these vulnerabilities by making an authenticated HTTP request. A command injection vulnerability exists in the dest POST parameter.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.