CVE-2024-39360

9.1 CRITICAL

📋 TL;DR

This vulnerability allows authenticated attackers to execute arbitrary operating system commands on Wavlink AC3000 routers through the nas.cgi interface. Attackers can achieve full system compromise by injecting malicious commands into the remove_dir() function. Only users of specific Wavlink router models with vulnerable firmware are affected.

💻 Affected Systems

Products:
  • Wavlink AC3000
Versions: M33A8.V5030.210505
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the web interface. All devices running this specific firmware version are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete router takeover allowing installation of persistent malware, credential theft, network pivoting to internal systems, and participation in botnets.

🟠 Likely Case

Router compromise leading to DNS hijacking, credential interception, network traffic monitoring, and lateral movement to connected devices.

🟢 If Mitigated

Limited impact due to network segmentation, strong authentication controls, and restricted administrative access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication but is straightforward once credentials are obtained. Public technical details available in Talos report.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check the Wavlink website for firmware updates.
2. Download the latest firmware.
3. Log into the router admin interface.
4. Navigate to the firmware update section.
5. Upload and apply the new firmware.

🔧 Temporary Workarounds

Disable NAS functionality (all platforms)

Turn off Network Attached Storage features if they are not required.

Restrict admin access (Linux firewall)

Limit administrative interface access to specific IP addresses. Because -A appends rules in order, the ACCEPT rules for the trusted address must be added before the catch-all DROP rules, or the trusted host is locked out as well:

iptables -A INPUT -p tcp --dport 80 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Isolate affected routers in separate VLAN with strict firewall rules
  • Implement multi-factor authentication for router administration

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface under System Status or About section

Check Version:

curl -s http://router-ip/cgi-bin/nas.cgi | grep -i version

Verify Fix Applied:

Verify firmware version has been updated to a version newer than M33A8.V5030.210505

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in system logs
  • Multiple failed authentication attempts followed by successful login
  • Suspicious HTTP POST requests to /cgi-bin/nas.cgi with shell metacharacters

Network Indicators:

  • Unexpected outbound connections from router
  • DNS queries to suspicious domains
  • Unusual traffic patterns from router IP

SIEM Query:

source="router.log" AND ("nas.cgi" OR "remove_dir") AND ("|" OR ";" OR "$" OR "`")
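The SIEM query above matches literal metacharacters, so a request that carries them percent-encoded (for example %3B for ';') would slip past it. The following Python script is an added example, not part of the advisory or of any vendor tooling: it decodes request parameters before matching, restricts matching to requests for /cgi-bin/nas.cgi, and runs over constructed sample log lines in an assumed one-line-per-request format. The '&' character is added to the advisory's list of metacharacters as an assumption.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not captured from any real device).
# Assumed format: client_ip method path "query_or_body" status
SAMPLE_LOG = """\
192.168.1.10 POST /cgi-bin/nas.cgi "dir=photos" 200
192.168.1.10 POST /cgi-bin/nas.cgi "dir=share%3BPLACEHOLDER_CMD" 200
192.168.1.23 GET /cgi-bin/nas.cgi "list=1" 200
192.168.1.10 POST /cgi-bin/login.cgi "user=admin%3Bx" 401
192.168.1.10 POST /cgi-bin/nas.cgi "dir=old%24%28PLACEHOLDER%29" 200
192.168.1.42 POST /cgi-bin/nas.cgi "dir=movies%20%26%20series" 200
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) "([^"]*)" (\d{3})$')

# Metacharacters from the advisory's SIEM query (| ; $ `), plus '&' and
# "$(" as an assumed extension. Matching is done on the percent-decoded
# value so encoded forms such as %3B (';') are caught too.
METACHAR_RE = re.compile(r"[|;`$&]|\$\(|\n")

# Only the vulnerable CGI endpoint named in the advisory is inspected.
TARGET_PATH = "/cgi-bin/nas.cgi"


def find_suspicious_requests(log_text):
    """Return (line_no, client_ip, decoded_params) for every request to
    nas.cgi whose parameters contain a shell metacharacter after decoding."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        client, method, path, params, status = m.groups()
        if path != TARGET_PATH:
            continue
        decoded = unquote(params)
        if METACHAR_RE.search(decoded):
            hits.append((line_no, client, decoded))
    return hits


if __name__ == "__main__":
    for line_no, client, decoded in find_suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: {client} -> {decoded}")
```

On the sample input, lines 2 and 5 are flagged because their decoded parameters contain ';' and '$('. Line 4 carries a metacharacter but targets login.cgi, so it is ignored. Line 6 is flagged only because a legitimate-looking share name contains '&'; such hits are the ones to tune out once you know which characters appear in your own share names.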
