What is CVE-2024-39363?

CVE-2024-39363 is a critical-severity vulnerability in Wavlink Ac3000, classified under Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). CVSS score: 9.6/10. Published 2025-01-14.

How severe is CVE-2024-39363?

Critical severity. CVSS v3 base score is 9.6 out of 10.

XSS in Wavlink Ac3000

CVE-2024-39363

A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker c…

EPSS: 0.107 (93.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.6 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H.

Affected products

Wavlink Ac3000 — versions M33A8.V5030.210505

Weakness classification (CWE)

CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

References

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2017

Frequently asked questions

What is CVE-2024-39363?: CVE-2024-39363 is a critical-severity vulnerability in Wavlink Ac3000, classified under Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). CVSS score: 9.6/10. Published 2025-01-14.
How severe is CVE-2024-39363?: Critical severity. CVSS v3 base score is 9.6 out of 10.