PT-2024-28773 · Unknown · Vilo 5 Mesh Wifi System

Published: 2024-10-21 · Updated: 2024-10-23 · CVE-2024-40085

CVSS v3.1: 9.6 (Critical)

Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Vilo 5 Mesh WiFi System versions <= 5.16.1.33

Description: A buffer overflow in the local app "set router WAN" function allows remote, unauthenticated attackers to execute arbitrary code. The overflow is reached through the PPPoE username and PPPoE password fields when they are larger than 128 bytes in length.

Recommendations: For versions <= 5.16.1.33, update to a version later than 5.16.1.33 to resolve the issue. As a temporary workaround, consider restricting the length of the PPPoE username and PPPoE password fields to 128 bytes or less until a patch is available.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers: CVE-2024-40085

Affected Products: Vilo 5 Mesh Wifi System