CVE Details
Basic Information
| Title | WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow |
|---|---|
| Type | cve |
| Published | 2025-06-01T21:31:04.615Z |
| Last Seen | |
Product Information
| Vendor | WAVLINK |
|---|---|
| Product | QUANTUM D2G |
| Version | V1410_240222 |
CVSS Information
| Base Score | 9.3 (CRITICAL) |
|---|---|
| CVSS Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A critical buffer overflow vulnerability exists in WAVLINK devices up to V1410_240222. The flaw is in the sys_login function of the /cgi-bin/login.cgi file, allowing remote attackers to execute arbitrary code via a crafted HTTP POST request. The vendor has not responded to initial disclosure. |
|---|---|
| AI Severity | Critical |
| Vendor | WAVLINK |
| Product | QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3, WL-WN576K1 |
| Affected Version | up to V1410_240222 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-120, CWE-119 |
| Bulletin Family | |
| Source Data | WAVLINK QUANTUM D2G V1410_240222; WAVLINK QUANTUM D3G V1410_240222; WAVLINK WL-WN530G3A V1410_240222; WAVLINK WL-WN530HG3 V1410_240222; WAVLINK WL-WN532A3 V1410_240222; WAVLINK WL-WN576K1 V1410_240222 |
Source Information
Description
A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410_240222 and classified as critical. Affected by this issue is the function sys_login of the file /cgi-bin/login.cgi of the component HTTP POST Request Handler. The manipulation of the argument login_page leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score Summary
Base Score: 9.3 (CRITICAL)