ID
VAR-202501-1414
CVE
CVE-2024-39359
TITLE
WAVLINK of WL-WN 533A8 Stack-based buffer overflow vulnerability in firmware
Trust: 0.8
sources:
JVNDB: JVNDB-2024-027332
DESCRIPTION
A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. (DoS) It may be in a state. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
Trust: 2.16
sources:
NVD: CVE-2024-39359 //
JVNDB: JVNDB-2024-027332 //
CNVD: CNVD-2025-09264
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2025-09264
AFFECTED PRODUCTS
| vendor: | wavlink | model: | wl-wn533a8 | scope: | eq | version: | m33a8.v5030.210505 | Trust: 1.0 |
| vendor: | wavlink | model: | wl-wn 533a8 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | wavlink | model: | wl-wn 533a8 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | wavlink | model: | wl-wn 533a8 | scope: | eq | version: | wl-wn 533a8 firmware m33a8.v5030.210505 | Trust: 0.8 |
| vendor: | wavlink | model: | ac3000 m33a8.v5030.210505 | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2025-09264 //
JVNDB: JVNDB-2024-027332 //
NVD: CVE-2024-39359
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2025-09264 //
JVNDB: JVNDB-2024-027332 //
NVD: CVE-2024-39359 //
NVD: CVE-2024-39359
PROBLEMTYPE DATA
| problemtype: | CWE-121 | Trust: 1.0 |
| problemtype: | Stack-based buffer overflow (CWE-121) [ others ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2024-027332 //
NVD: CVE-2024-39359
PATCH
| title: | Patch for WAVLINK AC3000 Buffer Overflow Vulnerability (CNVD-2025-09264) | url: | https://www.cnvd.org.cn/patchInfo/show/686866 | Trust: 0.6 |
sources:
CNVD: CNVD-2025-09264
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-39359 | Trust: 3.2 |
| db: | TALOS | id: | TALOS-2024-2040 | Trust: 1.8 |
| db: | JVNDB | id: | JVNDB-2024-027332 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-09264 | Trust: 0.6 |
sources:
CNVD: CNVD-2025-09264 //
JVNDB: JVNDB-2024-027332 //
NVD: CVE-2024-39359
REFERENCES
| url: | https://talosintelligence.com/vulnerability_reports/talos-2024-2040 | Trust: 1.8 |
| url: | https://www.talosintelligence.com/vulnerability_reports/talos-2024-2040 | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2024-39359 | Trust: 1.4 |
sources:
CNVD: CNVD-2025-09264 //
JVNDB: JVNDB-2024-027332 //
NVD: CVE-2024-39359
SOURCES
| db: | CNVD | id: | CNVD-2025-09264 |
| db: | JVNDB | id: | JVNDB-2024-027332 |
| db: | NVD | id: | CVE-2024-39359 |
LAST UPDATE DATE
2025-08-23T22:55:23.853000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-09264 | date: | 2025-05-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-027332 | date: | 2025-08-22T06:02:00 |
| db: | NVD | id: | CVE-2024-39359 | date: | 2025-08-21T18:01:30.917 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-09264 | date: | 2025-05-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-027332 | date: | 2025-08-22T00:00:00 |
| db: | NVD | id: | CVE-2024-39359 | date: | 2025-01-14T15:15:19.227 |