CVE-2024-39788 in AC3000info

Summary

by MITRE • 01/14/2025

Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_name` POST parameter.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 08/22/2025

The vulnerability identified as CVE-2024-39788 represents a critical security flaw within the Wavlink AC3000 M33A8.V5030.210505 router firmware, specifically affecting the nas.cgi component's set_ftp_cfg() function. This issue stems from inadequate input validation and sanitization mechanisms that allow malicious actors to manipulate configuration parameters through crafted HTTP requests. The vulnerability operates at the intersection of multiple security domains, creating a pathway for unauthorized system modification that could compromise the entire network infrastructure. The affected device falls under the category of consumer-grade networking equipment that typically handles sensitive network configuration data, making it a prime target for exploitation by threat actors seeking persistent access to corporate or residential networks.

The technical implementation of this vulnerability manifests through the improper handling of the ftp_name POST parameter within the set_ftp_cfg() function. When an authenticated user submits a malicious HTTP request containing specially crafted data in the ftp_name field, the system fails to properly validate or sanitize this input before processing it as part of the configuration update routine. This configuration injection vulnerability allows attackers to bypass normal permission controls and potentially inject arbitrary configuration data that could alter FTP service settings, user access controls, or other critical network parameters. The flaw essentially creates a backdoor mechanism where legitimate authenticated sessions can be exploited to perform unauthorized configuration changes, effectively undermining the device's access control mechanisms.

The operational impact of CVE-2024-39788 extends beyond simple configuration manipulation, as it enables attackers to establish persistent footholds within network environments. Once exploited, this vulnerability could allow threat actors to modify FTP server configurations, create unauthorized user accounts, or even enable remote access services that were not originally intended to be available. The permission bypass aspect means that even users with limited privileges could potentially escalate their access level to gain administrative control over the router's configuration settings. This vulnerability particularly affects environments where Wavlink routers are deployed in enterprise or home office settings where network security is paramount, as it could enable attackers to gain insights into network topology, user credentials, or other sensitive information that might be accessible through the FTP configuration interface.

Security professionals should approach this vulnerability with immediate attention due to its potential for privilege escalation and configuration manipulation. The recommended mitigation strategies include implementing strict input validation on all parameters within the nas.cgi component, particularly focusing on the ftp_name field and related configuration parameters. Network administrators should ensure that firmware updates are applied promptly to address this vulnerability, as the device is part of a specific model line that may be susceptible to similar issues. The vulnerability aligns with CWE-20, which covers improper input validation, and could potentially map to ATT&CK techniques related to privilege escalation and configuration modification. Organizations should also implement network monitoring to detect unusual HTTP request patterns targeting the nas.cgi endpoint and consider network segmentation to limit the potential impact of exploitation. Additionally, the vulnerability highlights the importance of secure coding practices in embedded systems and the necessity of thorough security testing for all configuration management functions within network infrastructure devices.

Responsible

Talos

Reservation

06/28/2024

Disclosure

01/14/2025

Moderation

accepted

CPE

ready

EPSS

0.01457

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!