CVE-2024-39770
9.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the en_enable POST parameter.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Wavlink | Wavlink AC3000 | M33A8.V5030.210505 | affected |
Weaknesses
- CWE-120: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.