Buffer Overflow Vulnerabilities in Wavlink AC3000 Router
CVE-2024-39801
9.1CRITICAL
What is CVE-2024-39801?
Multiple buffer overflow vulnerabilities have been identified in the qos.cgi qos_settings() functionality of the Wavlink AC3000 M33A8.V5030.210505 router. These vulnerabilities can be triggered by sending a specially crafted HTTP request, which may lead to stack-based buffer overflow, allowing an attacker to execute arbitrary code or compromise the device. Specifically, the vulnerabilities arise from the qos_bandwidth
POST parameter, making this a significant security concern for users of this router model. To mitigate the risk, immediate updates and patches from the vendor are recommended.
Affected Version(s)
Wavlink AC3000 M33A8.V5030.210505