Stack-based Buffer Overflow in WAVLINK QUANTUM D3G and WL-WN530HG3 Firmware
CVE-2025-61128

9.1CRITICAL

Key Information:

Vendor: WAVLINK
Status: QUANTUM D3G/WL-WN530HG3 Firmware
Vendor: CVE Published:; 28 October 2025

What is CVE-2025-61128?

A stack-based buffer overflow vulnerability exists in the WAVLINK QUANTUM D3G and WL-WN530HG3 firmware, specifically in version M30HG3_V240730. This vulnerability could enable attackers to execute arbitrary code through the manipulation of the referrer value in a specially crafted POST request to the login.cgi interface. This flaw poses a significant risk, as it could allow unauthorized access and control over the affected devices.

References

https://gist.github.com/shinobu-alpha/6dd5ad7f83c16360f65...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2025
Vulnerability Reserved
Sep 26, 2025

JSON