CVE-2024-36258

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505

Description: A stack-based buffer overflow issue exists in the touchlistsync() functionality of touchlist sync.cgi. This can be triggered by a specially crafted HTTP request, potentially leading to arbitrary code execution. An attacker can exploit this by sending a crafted HTTP request to the vulnerable endpoint.

Recommendations: For Wavlink AC3000 version M33A8.V5030.210505, as a temporary workaround, consider disabling the touchlistsync() function until a patch is available. Restrict access to the touchlist sync.cgi module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.