ID

VAR-202501-1320


CVE

CVE-2024-39757


TITLE

Stack-based buffer overflow vulnerability in WAVLINK WL-WN 533A8 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-027327

DESCRIPTION

A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. It may also result in a denial-of-service (DoS) condition. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. WAVLINK AC3000 has a buffer overflow vulnerability, which is caused by the wireless.cgi AddMac function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2024-39757 // JVNDB: JVNDB-2024-027327 // CNVD: CNVD-2025-09262

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-09262

AFFECTED PRODUCTS

vendor: wavlink, model: wl-wn533a8, scope: eq, version: m33a8.v5030.210505

Trust: 1.0

vendor: wavlink, model: wl-wn 533a8, scope: -, version: -

Trust: 0.8

vendor: wavlink, model: wl-wn 533a8, scope: eq, version: -

Trust: 0.8

vendor: wavlink, model: wl-wn 533a8, scope: eq, version: wl-wn 533a8 firmware m33a8.v5030.210505

Trust: 0.8

vendor: wavlink, model: ac3000 m33a8.v5030.210505, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-09262 // JVNDB: JVNDB-2024-027327 // NVD: CVE-2024-39757

CVSS

SEVERITY

CVSSV2

CVSSV3

talos-cna@cisco.com: CVE-2024-39757
value: CRITICAL

Trust: 1.0

nvd@nist.gov: CVE-2024-39757
value: HIGH

Trust: 1.0

NVD: CVE-2024-39757
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-09262
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-09262
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

talos-cna@cisco.com: CVE-2024-39757
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-39757
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-39757
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-09262 // JVNDB: JVNDB-2024-027327 // NVD: CVE-2024-39757 // NVD: CVE-2024-39757

PROBLEMTYPE DATA

problemtype: CWE-121

Trust: 1.0

problemtype: Stack-based buffer overflow (CWE-121) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-027327 // NVD: CVE-2024-39757

PATCH

title: Patch for WAVLINK AC3000 Buffer Overflow Vulnerability (CNVD-2025-09262), url: https://www.cnvd.org.cn/patchInfo/show/686856

Trust: 0.6

sources: CNVD: CNVD-2025-09262

EXTERNAL IDS

db: NVD, id: CVE-2024-39757

Trust: 3.2

db: TALOS, id: TALOS-2024-2043

Trust: 1.8

db: JVNDB, id: JVNDB-2024-027327

Trust: 0.8

db: CNVD, id: CNVD-2025-09262

Trust: 0.6

sources: CNVD: CNVD-2025-09262 // JVNDB: JVNDB-2024-027327 // NVD: CVE-2024-39757

REFERENCES

url: https://talosintelligence.com/vulnerability_reports/talos-2024-2043

Trust: 1.8

url: https://www.talosintelligence.com/vulnerability_reports/talos-2024-2043

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-39757

Trust: 1.4

sources: CNVD: CNVD-2025-09262 // JVNDB: JVNDB-2024-027327 // NVD: CVE-2024-39757

SOURCES

db: CNVD, id: CNVD-2025-09262
db: JVNDB, id: JVNDB-2024-027327
db: NVD, id: CVE-2024-39757

LAST UPDATE DATE

2025-08-23T23:25:08.150000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-09262, date: 2025-05-08T00:00:00
db: JVNDB, id: JVNDB-2024-027327, date: 2025-08-22T06:02:00
db: NVD, id: CVE-2024-39757, date: 2025-08-21T20:50:24.880

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-09262, date: 2025-05-08T00:00:00
db: JVNDB, id: JVNDB-2024-027327, date: 2025-08-22T00:00:00
db: NVD, id: CVE-2024-39757, date: 2025-01-14T15:15:20.903