CVE-2024-48705
Published 2025-09-02
Priority P3 · 49 · medium · 6.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS: 3.59% (88.0th percentile)
Wavlink AC1200 devices with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. The vulnerability is in the "set_sys_adm" function of the "adm.cgi" binary and is caused by improper sanitization of the user-provided "newpass" field.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wavlink | wl-wn531p3_firmware | — | — |
| wavlink | wl-wn531p3_firmware | — | — |
Suricata
ET WEB_SPECIFIC_APPS Wavlink adm.cgi Multiple Parameters Command Injection Attempt (CVE-2025-50757, 2025-50755, CVE-2024-48705)
suricata·2025-09-03·CVSS 6.5
CVE-2025-50757 [MEDIUM] ET WEB_SPECIFIC_APPS Wavlink adm.cgi Multiple Parameters Command Injection Attempt (CVE-2025-50757, 2025-50755, CVE-2024-48705)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Wavlink adm.cgi Multiple Parameters Command Injection Attempt (CVE-2025-50757, 2025-50755, CVE-2024-48705)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:16; content:"/cgi-bin/adm.cgi"; fast_pattern; http.request_body; pcre:"/(?:username|command|newpass)\x3d[^\x26]*?(?:(?:\x3b|%3[Bb])|(?:\x0a|%0[Aa])|(?:\x60|%60)|(?:\x7c|%7[Cc])|(?:\x24|%24))+/"; reference:cve,2025-50757; reference:cve,2024-48705; reference:url,github.com/Summermu/VulnForIoT; reference:cve,2025-50755; classtype:attempted-admin; sid:2064278; rev:1; metadata:affected_product Wavlink, attack_target Netwo
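The rule's method, URI and body conditions, ported to Python so that alerts for sid:2064278 can be replayed against captured or constructed requests during triage. This is an added example, not part of the rule feed or the original page; the sample bodies and the `flagged_fields` helper are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# pcre option of sid:2064278, copied from the rule above without the / delimiters.
BODY_RE = re.compile(
    rb"(?:username|command|newpass)\x3d[^\x26]*?"
    rb"(?:(?:\x3b|%3[Bb])|(?:\x0a|%0[Aa])|(?:\x60|%60)|(?:\x7c|%7[Cc])|(?:\x24|%24))+"
)
URI = "/cgi-bin/adm.cgi"        # http.uri content; bsize:16 makes it an exact match
WATCHED = {"username", "command", "newpass"}
METACHARS = set(";\n`|$")       # the five characters the pcre looks for


def rule_matches(method: str, uri: str, body: bytes) -> bool:
    """True when a request meets the rule's method, URI and body conditions."""
    return method == "POST" and uri == URI and BODY_RE.search(body) is not None


def flagged_fields(body: bytes) -> list[tuple[str, str]]:
    """Triage helper (hypothetical, not from the rule): watched parameters and
    the metacharacters present in their URL-decoded values."""
    hits = []
    for name, value in parse_qsl(body.decode("latin-1"), keep_blank_values=True):
        found = "".join(sorted(METACHARS & set(value)))
        if name in WATCHED and found:
            hits.append((name, found))
    return hits


# Constructed sample requests: (method, uri, body)
SAMPLES = [
    ("POST", URI, b"username=admin&newpass=Correct-Horse-9"),  # ordinary reset
    ("POST", URI, b"newpass=abc%3BPLACEHOLDER"),               # encoded ';'
    ("POST", URI, b"newpass=Pa$$w0rd"),                        # '$' in a real password
    ("GET", URI, b"newpass=abc%3BPLACEHOLDER"),                # wrong method
    ("POST", URI, b"note=a%3Bb"),                              # parameter not watched
]

if __name__ == "__main__":
    for method, uri, body in SAMPLES:
        print(rule_matches(method, uri, body), flagged_fields(body), body)
```

The third sample alerts as well: a legitimate password containing `$` satisfies the pcre, so alerts on `newpass` need the decoded value reviewed before being treated as an injection attempt.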
No public exploits indexed.
No writeups or analysis indexed.