CVE-2024-39299

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505

Description: A buffer overflow issue exists in the qos.cgi qos sta settings() functionality. This can be triggered by a specially crafted HTTP request, leading to a stack-based buffer overflow. An attacker can make an authenticated HTTP request to the /qos.cgi endpoint to exploit this issue.

Recommendations: For version M33A8.V5030.210505, consider disabling the qos sta settings() function as a temporary workaround until a patch is available. Restrict access to the /qos.cgi endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.