PT-2025-35572 · Wavlink · Wavlink Ac1200
Published: 2025-09-02 · Updated: 2025-09-03
CVE-2024-48705
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Wavlink AC1200 versions M32A3 V1410 230602 and M32A3 V1410 240222
Description
The Wavlink AC1200 is susceptible to a post-authentication command injection when resetting the password. The issue resides within the adm.cgi binary, specifically in the set sys adm function, due to insufficient sanitization of the newpass field provided by the user.
Recommendations
Wavlink AC1200 version M32A3 V1410 230602: Update to a newer firmware version.
Wavlink AC1200 version M32A3 V1410 240222: Update to a newer firmware version.
Exploit
Fix
Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Wavlink Ac1200