Wavlink AC3000 Buffer Overflow Vulnerability in adm.cgi set_sys_adm() Function

Vulnerability

A buffer overflow vulnerability has been identified in the Wavlink AC3000 router, specifically in the adm.cgi set_sys_adm() function of version M33A8.V5030.210505. This vulnerability allows for a stack-based buffer overflow through a specially crafted HTTP request. An authenticated user can exploit this issue by sending the crafted request, leading to potential unauthorized code execution.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can be leveraged to execute arbitrary code on the device.

Reproduction

To reproduce this vulnerability, an authenticated user sends an HTTP POST request to the adm.cgi binary with the 'page' parameter set to 'sysAdm' and a 'new_pwd' parameter longer than 0x118 bytes. The oversized value overwrites the return address of the set_sys_adm() function, and the resulting segmentation fault indicates successful exploitation.
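
For defenders, the request shape described above can be matched at a reverse proxy or in captured traffic. The following is an added detection example, not code from the vendor or from the original report. It assumes the parameters arrive in a form-urlencoded POST body and matches the CGI by file name only; the function name and the sample requests (including the /cgi-bin/ path) are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# From the advisory: a new_pwd value longer than 0x118 bytes reaches the
# saved return address of set_sys_adm().
NEW_PWD_OVERFLOW_LEN = 0x118


def flag_request(method, target, body):
    """Return a reason string if the request matches the overflow pattern, else None."""
    if method.upper() != "POST":
        return None
    # Assumption: match on the file name, since the advisory gives no full URL path.
    if not urlsplit(target).path.endswith("adm.cgi"):
        return None
    # latin-1 maps bytes 1:1, so percent-encoded bytes are counted after decoding,
    # the way the CGI would see them.
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True,
                      encoding="latin-1")
    if "sysAdm" not in fields.get("page", []):
        return None
    for value in fields.get("new_pwd", []):
        size = len(value.encode("latin-1"))
        if size > NEW_PWD_OVERFLOW_LEN:
            return f"new_pwd is {size} bytes (> {NEW_PWD_OVERFLOW_LEN})"
    return None


# Constructed sample requests: (method, target, body).
SAMPLES = [
    ("POST", "/cgi-bin/adm.cgi", b"page=sysAdm&new_pwd=Correct-Horse-9"),
    ("POST", "/cgi-bin/adm.cgi", b"page=sysAdm&new_pwd=" + b"A" * 300),
    ("POST", "/cgi-bin/adm.cgi", b"page=sysAdm&new_pwd=" + b"%41" * 281),
    ("POST", "/cgi-bin/adm.cgi", b"page=other&new_pwd=" + b"A" * 300),
]

if __name__ == "__main__":
    for method, target, body in SAMPLES:
        print(target, len(body), flag_request(method, target, body))
```

The threshold is the advisory's figure for reaching the return address; counting bytes after percent-decoding keeps an encoded payload from slipping under a raw-length check.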

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.