A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability.
The vulnerability is located in the CGI script 'touchlist_sync.cgi', specifically in the 'touchlistsync()' function. The attacker sends a specially crafted HTTP request containing data that exceeds the stack buffer size. Stack overflow enables overwriting the return address or other critical structures and taking control of the program execution flow, leading to arbitrary code execution (RCE).
An attacker can remotely execute arbitrary code on the device without any authentication, which in practice means complete takeover of the router, ability to modify network traffic, install a backdoor, or use the device as a launching point for further attacks on the network.
Apply patches available from the manufacturer according to references. If no update is available, it is recommended to isolate the device from the public network, disable remote management from the WAN side, and monitor network traffic directed to the management interface.
Wavlink AC3000 devices (WL-WN533A8 models) with firmware version M33A8.V5030.210505
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HWavlink Wl Wn533a8
HWWavlinkwszystkie wersjeWavlink Wl Wn533a8 Firmware
OSWavlinkm33a8.v5030.210505
Related vulnerabilities
Command injection w Wavlink AC3000 — wykonanie dowolnych poleceń przez adm.cgi
Command injection w firmware Wavlink AC3000 — zdalne wykonanie kodu
Command injection w Wavlink AC3000 – nieautoryzowane wykonanie poleceń
Buffer overflow w Wavlink AC3000 — podatność w funkcji set_info() usbip.cgi
Buffer overflow w Wavlink AC3000 — podatność w login.cgi (Goto_chidx)