CVE-2025-55847

Published: Sep 26, 2025Modified: Oct 3, 2025

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Wavlink M86X3A_V240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings.cgi file. The vulnerability arises because the Cookie parameter does not properly validate the length of input data. Attackers can exploit this to execute arbitrary code or cause a denial of service (DoS) on the system

Affected (1)

Products: Wavlink: Wl Wn586x3a Firmware

1 product

Wl Wn586x3a Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wavlink Wl Wn586x3a Firmware	Version m86x3a_v240730

Running on/with	Platform Versions
Wavlink Wl Wn586x3a	All versions

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (1)

https://github.com/meigui637/iot_zone/blob/main/%E6%A0%88%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E.md

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.