{"id":6210,"date":"2025-06-01T17:31:37","date_gmt":"2025-06-01T17:31:37","guid":{"rendered":"http:\/\/localhost\/?p=6210"},"modified":"2025-06-01T17:31:37","modified_gmt":"2025-06-01T17:31:37","slug":"wavlink-wl-wn576k1-http-post-request-logincgi-syslogin-buffer-overflow","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=6210","title":{"rendered":"WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow"},"content":{"rendered":"<h2>CVE Details<\/h2>\n<h3>Basic Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th>Title<\/th>\n<td>WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow<\/td>\n<\/tr>\n<tr>\n<th>Type<\/th>\n<td>cve<\/td>\n<\/tr>\n<tr>\n<th>Published<\/th>\n<td>2025-06-01T21:31:04.615Z<\/td>\n<\/tr>\n<tr>\n<th>Last Seen<\/th>\n<td><\/td>\n<\/tr>\n<\/table>\n<h3>Product Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th>Vendor<\/th>\n<td>WAVLINK<\/td>\n<\/tr>\n<tr>\n<th>Product<\/th>\n<td>QUANTUM D2G<\/td>\n<\/tr>\n<tr>\n<th>Version<\/th>\n<td>V1410_240222<\/td>\n<\/tr>\n<\/table>\n<h3>CVSS Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th>Base Score<\/th>\n<td style=\"color: #cc0000; font-weight: bold;\">9.3 (CRITICAL)<\/td>\n<\/tr>\n<tr>\n<th>Attack Vector<\/th>\n<td>CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N<\/td>\n<\/tr>\n<tr>\n<th>Confidentiality Impact<\/th>\n<td><\/td>\n<\/tr>\n<tr>\n<th>Integrity Impact<\/th>\n<td><\/td>\n<\/tr>\n<tr>\n<th>Availability Impact<\/th>\n<td><\/td>\n<\/tr>\n<\/table>\n<h3>AI Analysis<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th>AI Description<\/th>\n<td>A critical buffer overflow vulnerability exists in WAVLINK devices up to V1410_240222. The flaw is in the sys_login function of the \/cgi-bin\/login.cgi file, allowing remote attackers to execute arbitrary code via a crafted HTTP POST request. The vendor has not responded to initial disclosure.<\/td>\n<\/tr>\n<tr>\n<th>AI Severity<\/th>\n<td>Critical<\/td>\n<\/tr>\n<tr>\n<th>Vendor<\/th>\n<td>WAVLINK<\/td>\n<\/tr>\n<tr>\n<th>Product<\/th>\n<td>QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3, WL-WN576K1<\/td>\n<\/tr>\n<tr>\n<th>Affected Version<\/th>\n<td>up to V1410_240222<\/td>\n<\/tr>\n<\/table>\n<h3>Additional Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th>CVE List<\/th>\n<td><\/td>\n<\/tr>\n<tr>\n<th>CWE List<\/th>\n<td>CWE-120, CWE-119<\/td>\n<\/tr>\n<tr>\n<th>Bulletin Family<\/th>\n<td><\/td>\n<\/tr>\n<tr>\n<th>Source Data<\/th>\n<td>WAVLINK QUANTUM D2G V1410_240222<br \/>\nWAVLINK QUANTUM D3G V1410_240222<br \/>\nWAVLINK WL-WN530G3A V1410_240222<br \/>\nWAVLINK WL-WN530HG3 V1410_240222<br \/>\nWAVLINK WL-WN532A3 V1410_240222<br \/>\nWAVLINK WL-WN576K1 V1410_240222<\/td>\n<\/tr>\n<\/table>\n<h3>Source Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th>Source Data<\/th>\n<td>WAVLINK QUANTUM D2G V1410_240222<br \/>\nWAVLINK QUANTUM D3G V1410_240222<br \/>\nWAVLINK WL-WN530G3A V1410_240222<br \/>\nWAVLINK WL-WN530HG3 V1410_240222<br \/>\nWAVLINK WL-WN532A3 V1410_240222<br \/>\nWAVLINK WL-WN576K1 V1410_240222<\/td>\n<\/tr>\n<tr>\n<th>Source Link<\/th>\n<td><a href=\"\" target=\"_blank\"><\/a><\/td>\n<\/tr>\n<\/table>\n<h3>Description<\/h3>\n<div style=\"padding: 15px; border-left: 4px solid #4CAF50; margin-bottom: 20px;\">A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410_240222 and classified as critical. Affected by this issue is the function sys_login of the file \/cgi-bin\/login.cgi of the component HTTP POST Request Handler. The manipulation of the argument login_page leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.<\/div>\n<h3>CVSS Score Summary<\/h3>\n<div style=\"padding: 15px; border: 1px solid #ddd; margin-bottom: 20px;\">\n<p style=\"margin: 0;\"><strong>Base Score:<\/strong> <span style=\"color: #cc0000;\">9.3 (CRITICAL)<\/span><\/p>\n<\/div>\n<p><a href=\"\" target=\"_blank\" style=\"display: inline-block; background-color: #4CAF50; color: white; padding: 10px 20px; text-decoration: none; border-radius: 4px;\">View Full CVE Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE Details Basic Information Title WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow Type cve Published 2025-06-01T21:31:04.615Z Last Seen Product Information Vendor WAVLINK Product&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[9,6,8,55,12,13,7,11,5],"class_list":["post-6210","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-critical","tag-cve","tag-cvss","tag-cvss-93","tag-exploit","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=6210\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow - zero redgem\" \/>\n<meta property=\"og:description\" content=\"CVE Details Basic Information Title WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow Type cve Published 2025-06-01T21:31:04.615Z Last Seen Product Information Vendor WAVLINK Product...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=6210\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-01T17:31:37+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6210#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6210\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow\",\"datePublished\":\"2025-06-01T17:31:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6210\"},\"wordCount\":339,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CRITICAL\",\"CVE\",\"CVSS\",\"CVSS-9.3\",\"exploit\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=6210#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6210\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6210\",\"name\":\"WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-06-01T17:31:37+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6210#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=6210\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6210#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=6210","og_locale":"en_US","og_type":"article","og_title":"WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow - zero redgem","og_description":"CVE Details Basic Information Title WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow Type cve Published 2025-06-01T21:31:04.615Z Last Seen Product Information Vendor WAVLINK Product...","og_url":"https:\/\/zero.redgem.net\/?p=6210","og_site_name":"zero redgem","article_published_time":"2025-06-01T17:31:37+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=6210#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=6210"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow","datePublished":"2025-06-01T17:31:37+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=6210"},"wordCount":339,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CRITICAL","CVE","CVSS","CVSS-9.3","exploit","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=6210#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=6210","url":"https:\/\/zero.redgem.net\/?p=6210","name":"WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-06-01T17:31:37+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=6210#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=6210"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=6210#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/6210","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6210"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/6210\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6210"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6210"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6210"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}