Wavlink AC3000 Unauthenticated Firmware Update Vulnerability in login.cgi

Vulnerability

A vulnerability allowing unauthorized firmware updates has been identified in the Wavlink AC3000 router, specifically in the login.cgi component of version M33A8.V5030.210505. This issue arises from the absence of authentication checks, allowing attackers to send crafted HTTP requests that trigger arbitrary firmware uploads.

Impact

Exploitation of this vulnerability allows unauthenticated users to upload and install arbitrary firmware on the router, potentially leading to unauthorized modifications or control over the device.

Reproduction

The vulnerability can be reproduced by sending an HTTP POST request to the router's login.cgi interface. The request must include the firmware data in a format that the router will accept. Once the request is received, the router will validate the firmware data and, if the checks pass, write the firmware to the device. After the upload, the router will automatically reboot, applying the uploaded firmware.
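
For defenders, the request described above stands out in HTTP logs because a POST to login.cgi that carries firmware data is far larger than a credential submission. The following detection sketch is an added example, not code from Wavlink or from this advisory. The log record layout (timestamp, source, method, URI, request body length), the /cgi-bin/ path prefix, the size threshold and all sample records are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: a credential login POST is at most a few KB, while a firmware
# image is far larger. Tune this threshold to your own traffic.
MAX_LOGIN_BODY_BYTES = 64 * 1024

# Constructed sample records: ts src method uri request_body_len
SAMPLE_LOG = """\
2025-06-09T19:40:01Z 192.0.2.10 POST /cgi-bin/login.cgi 87
2025-06-09T19:41:12Z 192.0.2.10 GET /cgi-bin/login.cgi 0
2025-06-09T19:42:30Z 198.51.100.7 POST /cgi-bin/login.cgi 8126464
2025-06-09T19:43:02Z 192.0.2.11 POST /cgi-bin/other.cgi 9000000
2025-06-09T19:44:55Z 198.51.100.7 POST /cgi-bin/login.cgi?x=1 7340032
malformed line
"""

def parse_record(line):
    """Parse one space-separated record; return None if it is malformed."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    ts, src, method, uri, size = parts
    return {"ts": ts, "src": src, "method": method.upper(),
            "path": urlsplit(uri).path,  # drop any query string
            "body_len": int(size)}

def is_suspect(rec, limit=MAX_LOGIN_BODY_BYTES):
    """True for a POST to login.cgi whose body is too large to be a login."""
    return (rec["method"] == "POST"
            and rec["path"].rsplit("/", 1)[-1] == "login.cgi"
            and rec["body_len"] > limit)

def find_suspect_uploads(log_text, limit=MAX_LOGIN_BODY_BYTES):
    """Return parsed records that look like firmware-sized login.cgi POSTs."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec and is_suspect(rec, limit):
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for hit in find_suspect_uploads(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["src"]} POST {hit["path"]} '
              f'{hit["body_len"]} bytes')
```

A hit followed by the router dropping off the network is consistent with the automatic reboot described above.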

Remediation

Wavlink has acknowledged the vulnerability and is working on a patch, although no specific release date has been provided. Users are advised to monitor for updates from Wavlink.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 8.4
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.