CVE-2025-61128
Published: 28 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-61128 is a stack-based buffer overflow vulnerability (CWE-121) in the WAVLINK QUANTUM D3G/WL-WN530HG3 firmware version M30HG3_V240730, and possibly other Wavlink models. The flaw occurs in the login.cgi component, where a crafted referrer value in a POST request triggers the overflow, enabling arbitrary code execution. Published on 2025-10-28, it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).
Remote attackers can exploit this vulnerability without authentication, privileges, or user interaction, requiring only network access and low attack complexity. By sending a malicious POST request to login.cgi with a specially crafted referrer value, attackers achieve arbitrary code execution on the affected device, resulting in high impacts to confidentiality and availability.
Advisories reference a GitHub gist at https://gist.github.com/shinobu-alpha/6dd5ad7f83c16360f6564db0bc121e99 for additional details, though specific patch or mitigation guidance is not detailed in the CVE description.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a stack-based buffer overflow in the public-facing login.cgi web component of a router firmware, enabling remote unauthenticated arbitrary code execution via a crafted POST request referrer, directly mapping to exploitation of public-facing applications.