ID

VAR-202501-1320


CVE

CVE-2024-39757


TITLE

WAVLINK AC3000 Buffer Overflow Vulnerability (CNVD-2025-09262)

Trust: 0.6

sources: CNVD: CNVD-2025-09262

DESCRIPTION

A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. WAVLINK AC3000 has a buffer overflow vulnerability, which is caused by the wireless.cgi AddMac function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 1.44

sources: NVD: CVE-2024-39757 // CNVD: CNVD-2025-09262

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-09262

AFFECTED PRODUCTS

vendor: wavlink, model: ac3000 m33a8.v5030.210505, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-09262

CVSS

SEVERITY

talos-cna@cisco.com: CVE-2024-39757
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2025-09262
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-09262
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

talos-cna@cisco.com: CVE-2024-39757
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-09262 // NVD: CVE-2024-39757

PROBLEMTYPE DATA

problemtype: CWE-121

Trust: 1.0

sources: NVD: CVE-2024-39757

PATCH

title: Patch for WAVLINK AC3000 Buffer Overflow Vulnerability (CNVD-2025-09262)
url: https://www.cnvd.org.cn/patchInfo/show/686856

Trust: 0.6

sources: CNVD: CNVD-2025-09262

EXTERNAL IDS

db: NVD, id: CVE-2024-39757

Trust: 1.6

db: TALOS, id: TALOS-2024-2043

Trust: 1.0

db: CNVD, id: CNVD-2025-09262

Trust: 0.6

sources: CNVD: CNVD-2025-09262 // NVD: CVE-2024-39757

REFERENCES

url: https://www.talosintelligence.com/vulnerability_reports/talos-2024-2043

Trust: 1.0

url: https://talosintelligence.com/vulnerability_reports/talos-2024-2043

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2024-39757

Trust: 0.6

sources: CNVD: CNVD-2025-09262 // NVD: CVE-2024-39757

SOURCES

db: CNVD, id: CNVD-2025-09262
db: NVD, id: CVE-2024-39757

LAST UPDATE DATE

2025-05-09T23:35:49.968000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-09262, date: 2025-05-08T00:00:00
db: NVD, id: CVE-2024-39757, date: 2025-01-14T16:15:32.197

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-09262, date: 2025-05-08T00:00:00
db: NVD, id: CVE-2024-39757, date: 2025-01-14T15:15:20.903