CVE-2024-39803

Name of the Vulnerable Software and Affected Versions Wavlink AC3000 version M33A8.V5030.210505

Description Multiple buffer overflow vulnerabilities exist in the qos.cgi qos settings() functionality. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A buffer overflow vulnerability exists in the sel mode POST parameter.

Recommendations For version M33A8.V5030.210505, consider disabling the qos settings() function in qos.cgi until a patch is available. Restrict access to the sel mode POST parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.