CVE-2024-39790 – This vulnerability allows authenticated attacke... (How to Fix)

Q: What is the severity of CVE-2024-39790?

CVE-2024-39790 has a CVSS score of 9.1 (CRITICAL). This vulnerability allows authenticated attackers to bypass permissions and inject configuration parameters in Wavlink AC3000 routers. Attackers can manipulate FTP session limits and other settings through crafted HTTP requests. Only users of specific Wavlink router models with vulnerable firmware are affected.

📋 TL;DR

This vulnerability allows authenticated attackers to bypass permissions and inject configuration parameters in Wavlink AC3000 routers. Attackers can manipulate FTP session limits and other settings through crafted HTTP requests. Only users of specific Wavlink router models with vulnerable firmware are affected.

💻 Affected Systems

Products:

Wavlink AC3000 M33A8

Versions: V5030.210505 and likely earlier versions

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated access to the web interface, but authentication bypass may be possible through other means.

📦 What is this software?

Wl Wn533a8 Firmware by Wavlink

View all CVEs affecting Wl Wn533a8 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router compromise allowing configuration of backdoors, network redirection, or disabling security features, potentially leading to full network infiltration.

🟠

Likely Case

Unauthorized configuration changes to FTP settings, potential denial of service through session manipulation, and privilege escalation within the router administration interface.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing unauthorized users from reaching the vulnerable interface.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but uses simple HTTP POST requests. No public exploit code available as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Wavlink website for firmware updates. 2. Download latest firmware for AC3000 M33A8. 3. Log into router admin interface. 4. Navigate to firmware update section. 5. Upload and apply new firmware. 6. Reboot router after update completes.

🔧 Temporary Workarounds

Disable FTP Service

all

Turn off FTP functionality to remove attack surface

Restrict Admin Interface Access

all

Limit access to router admin interface to trusted IPs only

🧯 If You Can't Patch

Isolate router on separate VLAN with strict firewall rules
Disable remote administration and ensure admin interface is only accessible from internal network

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or Firmware Update section

Check Version:

Login to router web interface and navigate to System Information page

Verify Fix Applied:

Verify firmware version is newer than V5030.210505 and test FTP configuration changes require proper authentication

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to nas.cgi with set_ftp_cfg parameter
Multiple failed authentication attempts followed by configuration changes
Unexpected FTP service configuration modifications

Network Indicators:

HTTP traffic to router admin interface from unexpected sources
POST requests containing ftp_max_sessions parameter manipulation

SIEM Query:

source_ip=* AND dest_ip=[router_ip] AND url_path="*nas.cgi*" AND http_method="POST" AND params="*set_ftp_cfg*"

📊 Metadata

CVE ID: CVE-2024-39790

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-15

EPSS Score: 1.42% exploit probability (80.3th percentile)

Published: January 14, 2025

Last Updated: November 3, 2025

🔗 References

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2056 Exploit,Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2056

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-39790, you might also want to check these: