ID

VAR-202501-1434


CVE

CVE-2024-39357


TITLE

WAVLINK AC3000 Buffer Overflow Vulnerability (CNVD-2025-08335)

Trust: 0.6

sources: CNVD: CNVD-2025-08335

DESCRIPTION

A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAVLINK AC3000 is a wireless router from WAVLINK, a Chinese company. WAVLINK AC3000 has a buffer overflow vulnerability, which is caused by the wireless.cgi SetName function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 1.44

sources: NVD: CVE-2024-39357 // CNVD: CNVD-2025-08335

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-08335

AFFECTED PRODUCTS

vendor: wavlink
model: ac3000 m33a8.v5030.210505
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2025-08335

CVSS

SEVERITY

talos-cna@cisco.com: CVE-2024-39357
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2025-08335
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-08335
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

talos-cna@cisco.com: CVE-2024-39357
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-08335 // NVD: CVE-2024-39357

PROBLEMTYPE DATA

problemtype: CWE-121

Trust: 1.0

sources: NVD: CVE-2024-39357

PATCH

title: Patch for WAVLINK AC3000 Buffer Overflow Vulnerability (CNVD-2025-08335)
url: https://www.cnvd.org.cn/patchInfo/show/682381

Trust: 0.6

sources: CNVD: CNVD-2025-08335

EXTERNAL IDS

db: NVD, id: CVE-2024-39357

Trust: 1.6

db: TALOS, id: TALOS-2024-2039

Trust: 1.0

db: CNVD, id: CNVD-2025-08335

Trust: 0.6

sources: CNVD: CNVD-2025-08335 // NVD: CVE-2024-39357

REFERENCES

url: https://www.talosintelligence.com/vulnerability_reports/talos-2024-2039

Trust: 1.0

url: https://talosintelligence.com/vulnerability_reports/talos-2024-2039

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2024-39357

Trust: 0.6

sources: CNVD: CNVD-2025-08335 // NVD: CVE-2024-39357

SOURCES

db: CNVD, id: CNVD-2025-08335
db: NVD, id: CVE-2024-39357

LAST UPDATE DATE

2025-04-26T22:57:45.521000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-08335, date: 2025-04-25T00:00:00
db: NVD, id: CVE-2024-39357, date: 2025-01-14T16:15:30.793

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-08335, date: 2025-04-23T00:00:00
db: NVD, id: CVE-2024-39357, date: 2025-01-14T15:15:18.920