Stack-Based Buffer Overflow in Wavlink AC3000 Products
CVE-2024-36258

Currently unrated

Key Information:

Vendor: Wavlink
Status: AC3000 M33A8.V5030.210505
Vendor: CVE Published:; 14 January 2025

What is CVE-2024-36258?

A stack-based buffer overflow vulnerability has been identified in the touchlist_sync.cgi's touchlistsync() function of the Wavlink AC3000 M33A8.V5030.210505. This vulnerability allows an attacker to exploit the system through specially crafted HTTP requests, which may lead to arbitrary code execution. Users are advised to implement necessary mitigations and monitor for suspicious activity to safeguard their devices.

References

https://talosintelligence.com/vulnerability_reports/TALOS...

https://www.talosintelligence.com/vulnerability_reports/T...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 14, 2025