Buffer Overflow in WAVLINK QUANTUM and WL-WN Series Routers
CVE-2025-5408

9.3 CRITICAL

Key Information:

Vendor: Wavlink
CVE Published: 1 June 2025

What is CVE-2025-5408?

A buffer overflow vulnerability exists in the HTTP POST request handler of several WAVLINK routers, in the sys_login function of the login.cgi file. By manipulating the login_page argument, an attacker can trigger the overflow remotely, potentially gaining unauthorized access to or control over the affected devices. Despite early notification to the vendor, no remediation has been provided, heightening the risk for users running versions up to V1410_240222.

Affected Version(s)

QUANTUM D2G V1410_240222

QUANTUM D3G V1410_240222

WL-WN530G3A V1410_240222

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CH13hh (VulDB User)