CVE-2024-39801
Published: 14 January 2025
Description
Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `qos_bandwidth` POST parameter.
Security Summary
Multiple buffer overflow vulnerabilities, including CWE-120, affect the qos.cgi qos_settings() functionality in the Wavlink AC3000 router running firmware version M33A8.V5030.210505. These issues arise from improper handling of the `qos_bandwidth` POST parameter, where a specially crafted HTTP request can trigger a stack-based buffer overflow.
An authenticated attacker with high privileges (PR:H) can exploit these vulnerabilities over the network (AV:N) with low complexity (AC:L). Successful exploitation leads to high-impact consequences across confidentiality, integrity, availability, and scope change (CVSS:3.1 score of 9.1), potentially enabling arbitrary code execution or system compromise via the stack-based overflow.
Talos Intelligence documented these flaws in vulnerability reports TALOS-2024-2049, available at https://talosintelligence.com/vulnerability_reports/TALOS-2024-2049 and https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2049. Practitioners should consult these advisories for detailed technical analysis and recommended mitigations, such as firmware updates if available or restricting access to the affected qos.cgi endpoint.
Details
- CWE(s)