WAVLINK Routers Buffer Overflow Vulnerability in HTTP POST Request Handler

Vulnerability

A critical buffer overflow vulnerability has been identified in several WAVLINK router models, including the QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3, and WL-WN576K1, all versions through V1410_240222. The vulnerability resides in the sys_login function of the /cgi-bin/login.cgi file, within the HTTP POST Request Handler component. The issue arises from the manipulation of the login_page argument, which leads to a buffer overflow. This vulnerability can be exploited remotely, without any authentication, potentially allowing unauthorized execution of arbitrary commands.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to arbitrary code execution, according to the GitHub advisory.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WAVLINK Routers Buffer Overflow Vulnerability in HTTP POST Request Handler

Vulnerability

Impact

Affected Products

WAVLINK WL-WN576K1

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating