Buffer Overflow Vulnerability in Wavlink AC3000 Router
CVE-2024-39299

Currently unrated

Key Information:

Vendor: Wavlink
Status: Wavlink AC3000 M33A8
Vendor: CVE Published:; 14 January 2025

What is CVE-2024-39299?

A buffer overflow vulnerability exists in the qos.cgi qos_sta_settings() function of the Wavlink AC3000 M33A8 router. This issue can be exploited by an attacker who sends a specially crafted HTTP request, leading to a stack-based buffer overflow. Successful exploitation could allow an unauthorized user to potentially execute arbitrary code or disrupt the operation of the affected device.

References

https://talosintelligence.com/vulnerability_reports/TALOS...

https://www.talosintelligence.com/vulnerability_reports/T...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 14, 2025