Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "set_sys_adm" function of the "adm.cgi" binary, and is due to improper santization of the user provided "newpass" field
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
http://wavlink.com |
![]() ![]() |
https://github.com/L41KAA/CVE-2024-48705 |
![]() ![]() |
History
Tue, 02 Sep 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-77 | |
Metrics |
cvssV3_1
|
Tue, 02 Sep 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "set_sys_adm" function of the "adm.cgi" binary, and is due to improper santization of the user provided "newpass" field | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-09-02T19:35:31.106Z
Reserved: 2024-10-08T00:00:00.000Z
Link: CVE-2024-48705

Updated: 2025-09-02T19:35:26.995Z

Status : Awaiting Analysis
Published: 2025-09-02T15:15:31.837
Modified: 2025-09-02T20:15:32.280
Link: CVE-2024-48705

No data.

No data.