CVE-2024-39754 – A critical static login vulnerability in Wavlin... (How to Fix)

Q: What is the severity of CVE-2024-39754?

CVE-2024-39754 has a CVSS score of 10.0 (CRITICAL). A critical static login vulnerability in Wavlink AC3000 routers allows unauthenticated remote attackers to gain root access by sending specially crafted network packets. This affects all users of the vulnerable firmware version. The CVSS 10.0 score indicates maximum severity with no authentication required.

📋 TL;DR

A critical static login vulnerability in Wavlink AC3000 routers allows unauthenticated remote attackers to gain root access by sending specially crafted network packets. This affects all users of the vulnerable firmware version. The CVSS 10.0 score indicates maximum severity with no authentication required.

💻 Affected Systems

Products:

Wavlink AC3000 M33A8

Versions: V5030.210505

Operating Systems: Embedded Linux firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the wctrls functionality specifically. All devices running this firmware version are vulnerable regardless of configuration.

📦 What is this software?

Wl Wn533a8 Firmware by Wavlink

View all CVEs affecting Wl Wn533a8 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the router with root access, allowing attacker to intercept all network traffic, install persistent malware, pivot to internal networks, and brick the device.

🟠

Likely Case

Remote code execution leading to router takeover, credential theft, DNS hijacking, and creation of botnet nodes.

🟢

If Mitigated

Limited impact if device is behind strict firewall rules, but still vulnerable to internal attackers.

🌐 Internet-Facing: HIGH - Directly exploitable from internet without authentication.

🏢 Internal Only: HIGH - Exploitable from any network segment with access to the router.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Talos Intelligence has published detailed analysis. Exploit requires sending crafted packets to the vulnerable service.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Wavlink website for firmware updates. 2. If update available, download and verify checksum. 3. Backup current configuration. 4. Upload firmware via admin interface. 5. Factory reset after update. 6. Restore minimal configuration.

🔧 Temporary Workarounds

Network Isolation

all

Place router behind firewall blocking all inbound traffic to vulnerable ports

Service Disablement

all

Disable wctrls functionality if possible via admin interface

🧯 If You Can't Patch

Replace affected device with patched or different model
Implement strict network segmentation and monitor for exploit attempts

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin interface. If version is V5030.210505, device is vulnerable.

Check Version:

Login to router admin interface and check System Status or Firmware Update section

Verify Fix Applied:

Verify firmware version is newer than V5030.210505. Test with network scanner for open vulnerable ports.

📡 Detection & Monitoring

Log Indicators:

Unusual authentication attempts to wctrls service
Root privilege escalation in system logs
Unexpected configuration changes

Network Indicators:

Crafted packets to router management ports
Unusual outbound connections from router
DNS or routing table modifications

SIEM Query:

source="router_logs" AND ("wctrls" OR "privilege escalation" OR "root access")

📊 Metadata

CVE ID: CVE-2024-39754

CVSS v3 Score: 10.0 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-912

EPSS Score: 0.27% exploit probability (50.3th percentile)

Published: January 14, 2025

Last Updated: August 21, 2025

🔗 References

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2034 Exploit,Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2034 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-39754, you might also want to check these: