Wavlink AC3000 OS Command Injection Vulnerability in adm.cgi sch_reboot() Function

Vulnerability

A command injection vulnerability has been identified in the Wavlink AC3000 router, specifically in the adm.cgi file within the sch_reboot() function. This vulnerability allows authenticated users to execute arbitrary commands on the device. The issue arises from improper handling of the restart_min POST parameter, which can be exploited by sending a specially crafted HTTP request. Once exploited, the injected command is executed with the privileges of the user running the web server.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected device.

Reproduction

To reproduce this vulnerability, an authenticated user must send a POST request to the adm.cgi script with the restart_min parameter crafted to include malicious commands. The sch_reboot() function will parse the input and execute the injected command as part of the router's scheduled tasks.
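Added example, not from the original page or from Wavlink's firmware: one way a CGI handler could validate restart_min so that only a parsed integer, never the request string, reaches the scheduled-task entry. It assumes restart_min is a minute-of-hour value (0 to 59); the function names, the hour argument, the cron line format and the /sbin/reboot path are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Strictly parse a minute-of-hour value: one or two ASCII digits, 0..59.
 * No whitespace, sign, or trailing bytes. Returns the value or -1. */
int parse_restart_min(const char *s)
{
    size_t len;
    int value = 0;

    if (s == NULL)
        return -1;
    len = strlen(s);
    if (len == 0 || len > 2)
        return -1;
    for (size_t i = 0; i < len; i++) {
        if (s[i] < '0' || s[i] > '9')
            return -1;
        value = value * 10 + (s[i] - '0');
    }
    return value <= 59 ? value : -1;
}

/* Build the schedule line from validated integers only.
 * Assumed cron-style format; returns 0 on success, -1 on rejected
 * input or an output buffer that is too small. */
int build_reboot_entry(const char *restart_min, int hour,
                       char *out, size_t outlen)
{
    int min = parse_restart_min(restart_min);
    int n;

    if (min < 0 || hour < 0 || hour > 23)
        return -1;
    n = snprintf(out, outlen, "%d %d * * * /sbin/reboot\n", min, hour);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const char *samples[] = { "30", "07", "60", "", " 5", "5;" };
    char line[64];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("[%s] -> %s\n", samples[i],
               build_reboot_entry(samples[i], 3, line, sizeof line) == 0
                   ? "accepted" : "rejected");
    return 0;
}
```

The entry should then be written to the schedule file directly rather than assembled into a shell command line.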

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.