Buffer Overflow Vulnerabilities in Wavlink AC3000 Router
CVE-2024-39803

9.1CRITICAL

Key Information:

Vendor

Wavlink

Vendor
CVE Published:
14 January 2025

What is CVE-2024-39803?

Multiple buffer overflow vulnerabilities have been identified in the qos.cgi qos_settings() functionality of the Wavlink AC3000 M33A8 router. An attacker can exploit these vulnerabilities by crafting a specially designed HTTP request during authenticated sessions, which may lead to a stack-based buffer overflow. A specific risk arises from the sel_mode POST parameter, further compound by the lack of proper bounds checking. This situation presents a significant security risk, as it could lead to unauthorized access and manipulation of system memory.

Affected Version(s)

Wavlink AC3000 M33A8.V5030.210505

References

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

Credit

Discovered by Lilith >_> of Cisco Talos.
.
CVE-2024-39803 : Buffer Overflow Vulnerabilities in Wavlink AC3000 Router