CVE-2024-10194

Name of the Vulnerable Software and Affected Versions WAVLINK WN530H4, WN530HG4, and WN572HG3 versions up to 20221028

Description A critical issue affects the Front-End Authentication Page, specifically the function Goto chidx of the file login.cgi. The manipulation of the argument wlanUrl leads to a stack-based buffer overflow. This issue can only be exploited within the local network. The exploit has been publicly disclosed, and the vendor was notified but did not respond.

Recommendations For WAVLINK WN530H4, WN530HG4, and WN572HG3 versions up to 20221028, as a temporary workaround, consider disabling the Goto chidx function until a patch is available. Restrict access to the login.cgi file to minimize the risk of exploitation. Avoid using the wlanUrl argument in the affected authentication page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.