{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T09:10:59.645","vulnerabilities":[{"cve":{"id":"CVE-2024-39800","sourceIdentifier":"talos-cna@cisco.com","published":"2025-01-14T15:15:25.347","lastModified":"2025-11-03T22:17:10.347","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `open_port` POST parameter."},{"lang":"es","value":"Existen múltiples vulnerabilidades de control de configuración externa en la función openvpn.cgi openvpn_server_setup() de Wavlink AC3000 M33A8.V5030.210505. Una solicitud HTTP manipulada especialmente puede provocar la ejecución de comandos arbitrarios. Un atacante puede realizar una solicitud HTTP autenticada para activar estas vulnerabilidades. Existe una vulnerabilidad de inyección de configuración en el parámetro POST `open_port`."}],"metrics":{"cvssMetricV31":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"talos-cna@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-15"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:wavlink:wl-wn533a8_firmware:m33a8.v5030.210505:*:*:*:*:*:*:*","matchCriteriaId":"EC5E3005-3FAD-449B-A34F-AAD42FB82614"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:wavlink:wl-wn533a8:-:*:*:*:*:*:*:*","matchCriteriaId":"2536B2FD-9821-4A7C-9D42-D8E05A5CE330"}]}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-2050","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2050","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}