{ "id": "CVE-2024-39790", "sourceIdentifier": "talos-cna@cisco.com", "published": "2025-01-14T15:15:24.367", "lastModified": "2025-01-14T15:15:24.367", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A configuration injection vulnerability exists within the `ftp_max_sessions` POST parameter." }, { "lang": "es", "value": "Existen m\u00faltiples vulnerabilidades de control de configuraci\u00f3n externa en la funci\u00f3n set_ftp_cfg() de nas.cgi de Wavlink AC3000 M33A8.V5030.210505. Una solicitud HTTP manipulada especialmente puede provocar la omisi\u00f3n de permisos. Un atacante puede realizar una solicitud HTTP autenticada para activar estas vulnerabilidades. Existe una vulnerabilidad de inyecci\u00f3n de configuraci\u00f3n dentro del par\u00e1metro POST `ftp_max_sessions`." } ], "metrics": { "cvssMetricV31": [ { "source": "talos-cna@cisco.com", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.3, "impactScore": 6.0 } ] }, "weaknesses": [ { "source": "talos-cna@cisco.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-15" } ] } ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2056", "source": "talos-cna@cisco.com" } ] }