CVE-2024-36258

Critical

A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000…

talos·CWE-121·Published 2025-01-14

CVSS

9.8

EPSS

0.12

KEV

Exploits

cve.orgen

283 chars

A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability.

NVDen

283 chars

NVDes

329 chars

Existe una vulnerabilidad de desbordamiento de búfer basada en pila en la función touchlistsync() de touchlist_sync.cgi de Wavlink AC3000 M33A8.V5030.210505. Una solicitud HTTP manipulada especialmente puede provocar la ejecución de código arbitrario. Un atacante puede enviar una solicitud HTTP para activar esta vulnerabilidad.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	10.0	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H