Unrated severityNVD Advisory· Published Sep 2, 2025· Updated Sep 2, 2025

CVE-2024-48705

Description

Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "set_sys_adm" function of the "adm.cgi" binary, and is due to improper santization of the user provided "newpass" field

Affected products

Wavlink/AC1200description
Wavlink/AC1200llm-create
Range: M32A3_V1410_230602, M32A3_V1410_240222

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wavlink.commitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.008
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000