Buffer Overflow Vulnerability in Wavlink AC3000 Product
CVE-2024-36272

Currently unrated

Key Information:

Vendor: Wavlink
Status: Wavlink AC3000 M33A8.V5030.210505
Vendor: CVE Published:; 14 January 2025

What is CVE-2024-36272?

A buffer overflow vulnerability has been identified in the set_info() function of usbip.cgi within the Wavlink AC3000. This vulnerability allows an attacker to exploit it by sending a specially crafted HTTP request, which could result in a stack-based buffer overflow. Successful exploitation requires the attacker to be authenticated, emphasizing the need for robust security measures and regular updates.

References

https://talosintelligence.com/vulnerability_reports/TALOS...

https://www.talosintelligence.com/vulnerability_reports/T...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 14, 2025