CVE-2024-39802

Severity CVSS v4.0:
Pending analysis
Type:
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date:
14/01/2025
Last modified:
14/01/2025

Description

Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `qos_dat` POST parameter.

References to Advisories, Solutions, and Tools