CVE-2024-39757

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505

Description: A stack-based buffer overflow issue exists in the AddMac() function of wireless.cgi. This can be triggered by a specially crafted HTTP request, potentially leading to arbitrary command execution. An attacker must make an authenticated HTTP request to exploit this issue.

Recommendations: For Wavlink AC3000 M33A8.V5030.210505, as a temporary workaround, consider restricting access to the wireless.cgi until a patch is available. Additionally, limiting authenticated HTTP requests to necessary personnel can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.