Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "set_sys_adm" function of the "adm.cgi" binary, and is due to improper sanitization of the user-provided "newpass" field.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 04 Sep 2025 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Wavlink
Wavlink wl-wn531p3
Wavlink wl-wn531p3 Firmware
CPEs cpe:2.3:h:wavlink:wl-wn531p3:-:*:*:*:*:*:*:*
cpe:2.3:o:wavlink:wl-wn531p3_firmware:m32a3_v1410_230602:*:*:*:*:*:*:*
cpe:2.3:o:wavlink:wl-wn531p3_firmware:m32a3_v1410_240222:*:*:*:*:*:*:*
Vendors & Products Wavlink
Wavlink wl-wn531p3
Wavlink wl-wn531p3 Firmware

Tue, 02 Sep 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-77
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 02 Sep 2025 15:15:00 +0000

Type Values Removed Values Added
Description Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "set_sys_adm" function of the "adm.cgi" binary, and is due to improper sanitization of the user-provided "newpass" field.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-09-02T19:35:31.106Z

Reserved: 2024-10-08T00:00:00.000Z

Link: CVE-2024-48705

Vulnrichment

Updated: 2025-09-02T19:35:26.995Z

NVD

Status: Analyzed

Published: 2025-09-02T15:15:31.837

Modified: 2025-09-04T17:47:01.483

Link: CVE-2024-48705

Redhat

No data.

OpenCVE Enrichment

No data.