Description
A buffer overflow vulnerability exists in the adm.cgi set_sys_adm() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Published: 2025-01-14
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-38373 A buffer overflow vulnerability exists in the adm.cgi set_sys_adm() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
History

Fri, 22 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Wavlink
Wavlink wl-wn533a8
Wavlink wl-wn533a8 Firmware
CPEs cpe:2.3:h:wavlink:wl-wn533a8:-:*:*:*:*:*:*:*
cpe:2.3:o:wavlink:wl-wn533a8_firmware:m33a8.v5030.210505:*:*:*:*:*:*:*
Vendors & Products Wavlink
Wavlink wl-wn533a8
Wavlink wl-wn533a8 Firmware

Tue, 14 Jan 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 14 Jan 2025 16:45:00 +0000

Type Values Removed Values Added
References

Tue, 14 Jan 2025 14:30:00 +0000

Type Values Removed Values Added
Description A buffer overflow vulnerability exists in the adm.cgi set_sys_adm() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Wavlink Wl-wn533a8 Wl-wn533a8 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: talos

Published:

Updated: 2025-01-14T16:04:17.314Z

Reserved: 2024-06-28T16:07:56.364Z

Link: CVE-2024-39774

cve-icon Vulnrichment

Updated: 2025-01-14T16:04:17.314Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-14T15:15:22.730

Modified: 2025-08-22T14:04:23.657

Link: CVE-2024-39774

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses