Buffer Overflow in WAVLINK QUANTUM and WL-WN Series Routers
CVE-2025-5408

9.3CRITICAL

Key Information:

Vendor

Wavlink

Status
Quantum D2g
Quantum D3g
Wl-wn530g3a
Wl-wn530hg3
Vendor
CVE Published:
1 June 2025

What is CVE-2025-5408?

A significant buffer overflow vulnerability exists in the HTTP POST Request Handler for various WAVLINK routers, specifically involving the sys_login function in the login.cgi file. By manipulating the login_page argument, an attacker can exploit this vulnerability remotely, potentially allowing unauthorized access or control over the affected devices. Despite early notification to the vendor, no remediation has been provided, heightening the risk for users running versions up to V1410_240222.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

QUANTUM D2G V1410_240222

QUANTUM D3G V1410_240222

WL-WN530G3A V1410_240222

References

https://vuldb.com/?id.310748
vdb-entrytechnical-description
https://vuldb.com/?ctiid.310748
signaturepermissions-required
https://vuldb.com/?submit.583486
third-party-advisory

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CH13hh (VulDB User)
JSON
.