CVE-2024-39802: Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially...
9.1
CVSS
Description
Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `qos_dat` POST parameter.
Classification
CVE ID: CVE-2024-39802
CVSS Base Severity: CRITICAL
CVSS Base Score: 9.1
Affected Products
Vendor: Wavlink
Product: Wavlink AC3000
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 21.55% (scored less or equal to compared to others)
EPSS Date: 2025-02-12 (when was this score calculated)