CVE-2024-39803

Published: Jan 14, 2025Modified: Nov 3, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `sel_mode` POST parameter.

Affected (1)

Products: Wavlink: Wl Wn533a8 Firmware

1 product

Wl Wn533a8 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wavlink Wl Wn533a8 Firmware	Version m33a8.v5030.210505

Running on/with	Platform Versions
Wavlink Wl Wn533a8	All versions

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2049

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2049

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.