Buffer Overflow Vulnerabilities in Wavlink AC3000 Router
CVE-2024-39801

9.1CRITICAL

Key Information:

Vendor

Wavlink

Vendor
CVE Published:
14 January 2025

What is CVE-2024-39801?

Multiple buffer overflow vulnerabilities have been identified in the qos.cgi qos_settings() functionality of the Wavlink AC3000 M33A8.V5030.210505 router. These vulnerabilities can be triggered by sending a specially crafted HTTP request, which may lead to stack-based buffer overflow, allowing an attacker to execute arbitrary code or compromise the device. Specifically, the vulnerabilities arise from the qos_bandwidth POST parameter, making this a significant security concern for users of this router model. To mitigate the risk, immediate updates and patches from the vendor are recommended.

Affected Version(s)

Wavlink AC3000 M33A8.V5030.210505

References

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

Credit

Discovered by Lilith >_> of Cisco Talos.
.
CVE-2024-39801 : Buffer Overflow Vulnerabilities in Wavlink AC3000 Router