CVE-2024-48705 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2024-48705

Analyzed

More Info Official Page

Source-cve@mitre.org

Published At-02 Sep, 2025 | 15:15

Updated At-04 Sep, 2025 | 17:47

Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "set_sys_adm" function of the "adm.cgi" binary, and is due to improper santization of the user provided "newpass" field

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CPE Matches

WAVLINK Technology Ltd.

>>wl-wn531p3_firmware>>m32a3_v1410_230602

cpe:2.3:o:wavlink:wl-wn531p3_firmware:m32a3_v1410_230602:*:*:*:*:*:*:*

WAVLINK Technology Ltd.

>>wl-wn531p3_firmware>>m32a3_v1410_240222

cpe:2.3:o:wavlink:wl-wn531p3_firmware:m32a3_v1410_240222:*:*:*:*:*:*:*

WAVLINK Technology Ltd.

>>wl-wn531p3>>-

cpe:2.3:h:wavlink:wl-wn531p3:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-77	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-77

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
http://wavlink.com	cve@mitre.org	Product
https://github.com/L41KAA/CVE-2024-48705	cve@mitre.org	Exploit

Hyperlink: http://wavlink.com

Source: cve@mitre.org

Resource:

Product

Hyperlink: https://github.com/L41KAA/CVE-2024-48705

Source: cve@mitre.org

Resource:

Exploit