Buffer Overflow Vulnerability in Wavlink AC3000 M33A8 by Wavlink
CVE-2024-36493

Currently unrated

Key Information:

Vendor: Wavlink
Status: AC3000 M33A8
Vendor: CVE Published:; 14 January 2025

What is CVE-2024-36493?

A stack-based buffer overflow vulnerability has been identified in the 'set_wifi_basic()' functionality of the Wavlink AC3000 M33A8. This flaw allows an attacker to execute arbitrary commands through a specially crafted HTTP request, contingent upon prior authentication. By exploiting this vulnerability, unauthorized actions can be performed on devices running the specific version, leading to potential system compromise.

References

https://talosintelligence.com/vulnerability_reports/TALOS...

https://www.talosintelligence.com/vulnerability_reports/T...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 14, 2025