Buffer Overflow Vulnerabilities in Wavlink Wireless Router
CVE-2024-39802

9.1CRITICAL

Key Information:

Vendor

Wavlink

Vendor
CVE Published:
14 January 2025

What is CVE-2024-39802?

Multiple buffer overflow vulnerabilities have been identified in the qos.cgi qos_settings() functionality of the Wavlink AC3000 M33A8.V5030.210505 router. An attacker can exploit these vulnerabilities by sending specially crafted HTTP requests, potentially leading to a stack-based buffer overflow condition. These vulnerabilities can be triggered through authenticated HTTP requests, emphasizing the need for users to secure their devices against unauthorized access.

Affected Version(s)

Wavlink AC3000 M33A8.V5030.210505

References

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

Credit

Discovered by Lilith >_> of Cisco Talos.
.
CVE-2024-39802 : Buffer Overflow Vulnerabilities in Wavlink Wireless Router