CVE-2024-39288

High

A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A…

talos·CWE-120·Published 2025-01-14

CVSS

7.2

EPSS

0.13

KEV

Exploits

cve.orgen

284 chars

A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.

NVDen

284 chars

NVDes

335 chars

Existe una vulnerabilidad de desbordamiento de búfer en la función set_add_routing() de internet.cgi de Wavlink AC3000 M33A8.V5030.210505. Una solicitud HTTP manipulada especialmente puede provocar un desbordamiento de búfer basado en la pila. Un atacante puede realizar una solicitud HTTP autenticada para activar esta vulnerabilidad.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.1	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
3.1	Primary	cve.org	9.1	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H