CVE-2024-39774

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505

Description: A buffer overflow vulnerability exists in the set sys adm() function of adm.cgi. This issue can be triggered by a specially crafted HTTP request, leading to a stack-based buffer overflow. An attacker can make an authenticated HTTP request to exploit this vulnerability.

Recommendations: For version M33A8.V5030.210505, as a temporary workaround, consider disabling the set sys adm() function until a patch is available. Restrict access to the adm.cgi module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.