CVE-2024-39788 – This vulnerability allows authenticated attacke... (How to Fix)

Q: What is the severity of CVE-2024-39788?

CVE-2024-39788 has a CVSS score of 9.1 (CRITICAL). This vulnerability allows authenticated attackers to bypass permissions and inject malicious configuration into the FTP settings of Wavlink AC3000 routers. Attackers can manipulate the ftp_name parameter to execute unauthorized configuration changes. This affects users of Wavlink AC3000 routers with the vulnerable firmware.

📋 TL;DR

This vulnerability allows authenticated attackers to bypass permissions and inject malicious configuration into the FTP settings of Wavlink AC3000 routers. Attackers can manipulate the ftp_name parameter to execute unauthorized configuration changes. This affects users of Wavlink AC3000 routers with the vulnerable firmware.

💻 Affected Systems

Products:

Wavlink AC3000 M33A8

Versions: V5030.210505 and likely earlier versions

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated access to the web interface. Affects the nas.cgi functionality specifically.

📦 What is this software?

Wl Wn533a8 Firmware by Wavlink

View all CVEs affecting Wl Wn533a8 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attacker to reconfigure router settings, potentially enabling persistent backdoor access, data exfiltration, or use as attack platform.

🟠

Likely Case

Unauthorized configuration changes to FTP settings leading to service disruption, data exposure, or credential theft.

🟢

If Mitigated

Limited impact with proper network segmentation and authentication controls preventing unauthorized access to admin interface.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is straightforward once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Wavlink website for firmware updates. 2. Download latest firmware. 3. Log into router admin interface. 4. Navigate to firmware update section. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable FTP service

all

Turn off FTP functionality to remove attack surface

Restrict admin interface access

all

Limit access to router admin interface to trusted IPs only

🧯 If You Can't Patch

Isolate affected routers in separate network segment with strict firewall rules
Implement strong authentication policies and regularly rotate admin credentials

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or Firmware Update section

Check Version:

Login to router web interface and navigate to system information page

Verify Fix Applied:

Verify firmware version has been updated beyond V5030.210505

📡 Detection & Monitoring

Log Indicators:

Unusual configuration changes to FTP settings
Multiple failed authentication attempts followed by successful login
Unexpected POST requests to nas.cgi with set_ftp_cfg

Network Indicators:

Unusual FTP configuration changes from unexpected sources
Traffic to router admin interface from unauthorized IPs

SIEM Query:

source="router_logs" AND (uri="/cgi-bin/nas.cgi" AND method="POST" AND params CONTAINS "set_ftp_cfg")

📊 Metadata

CVE ID: CVE-2024-39788

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-15

EPSS Score: 1.42% exploit probability (80.3th percentile)

Published: January 14, 2025

Last Updated: November 3, 2025

🔗 References

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2056 Exploit,Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2056

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-39788, you might also want to check these: