CVE-2024-34166
CRITICAL 10.0
Description
An OS command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability.
CVE details
CVSS v3.1 score: 10.0
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 1/14/2025
Last modified: 8/21/2025
Source: nvd
Honeypot sightings: 0
Affected products
wavlink:wl-wn533a8
wavlink:wl-wn533a8_firmware
Weaknesses (CWE)
CWE-77
References
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2000 (talos-cna@cisco.com)
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2000 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.