CVE-2024-48705

Published: Sep 2, 2025

Modified: Sep 2, 2025

PUBLISHED

Description

Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "set_sys_adm" function of the "adm.cgi" binary, and is due to improper santization of the user provided "newpass" field

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://wavlink.com

https://github.com/L41KAA/CVE-2024-48705

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-48705

Description

Affected Products

References