Description
A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Published: 2025-01-14
Score: 9.1 Critical
EPSS: 14.4% Moderate
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-36590 A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
History

Thu, 21 Aug 2025 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Wavlink
Wavlink wl-wn533a8
Wavlink wl-wn533a8 Firmware
CPEs cpe:2.3:h:wavlink:wl-wn533a8:-:*:*:*:*:*:*:*
cpe:2.3:o:wavlink:wl-wn533a8_firmware:m33a8.v5030.210505:*:*:*:*:*:*:*
Vendors & Products Wavlink
Wavlink wl-wn533a8
Wavlink wl-wn533a8 Firmware

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00193}

 epss

{'score': 0.00274}

Tue, 14 Jan 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 14 Jan 2025 16:45:00 +0000

Type Values Removed Values Added
References

Tue, 14 Jan 2025 14:30:00 +0000

Type Values Removed Values Added
Description A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Wavlink Wl-wn533a8 Wl-wn533a8 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: talos

Published:

Updated: 2025-01-14T16:03:53.745Z

Reserved: 2024-06-28T16:07:55.299Z

Link: CVE-2024-37357

cve-icon Vulnrichment

Updated: 2025-01-14T16:03:53.745Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-14T15:15:17.660

Modified: 2025-08-21T20:38:48.960

Link: CVE-2024-37357

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses