Cyber Resilience

CVE-2024-36258

CriticalPublic PoC

Published: 14 January 2025

Published
14 January 2025
Modified
21 August 2025
KEV Added
Patch
CVSS Score v3.1 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.1648 95.0th percentile
Risk Priority 30 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-36258 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Wavlink Wl-Wn533A8 Firmware. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 5.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() function of the Wavlink AC3000 router running firmware M33A8.V5030.210505. The flaw, tracked as CWE-121, is triggered by a specially crafted HTTP request and can result in arbitrary code execution on the device. It carries a CVSS 3.1 score of 10.0, reflecting network attack vector, low complexity, and no required authentication or user interaction.

An unauthenticated attacker with network access can send a malicious HTTP request to the affected CGI endpoint, causing the overflow and achieving arbitrary code execution with full system impact including confidentiality, integrity, and availability compromise. The references point to detailed technical reports from Cisco Talos that describe the vulnerability but do not include mitigation guidance or patch availability in the supplied information. The associated EPSS score has remained in a moderate range with a modest peak of 0.2028.

EU & UK References

Vulnerability details

A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack-based buffer overflow in unauthenticated HTTP-accessible CGI endpoint directly enables remote exploitation of a public-facing network device for arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-39603Same product: Wavlink Wl-Wn533A8
CVE-2024-39359Same product: Wavlink Wl-Wn533A8
CVE-2024-39757Same product: Wavlink Wl-Wn533A8
CVE-2024-36493Same product: Wavlink Wl-Wn533A8
CVE-2024-39357Same product: Wavlink Wl-Wn533A8
CVE-2024-39604Same product: Wavlink Wl-Wn533A8
CVE-2024-39803Same product: Wavlink Wl-Wn533A8
CVE-2024-37184Same product: Wavlink Wl-Wn533A8
CVE-2024-34166Same product: Wavlink Wl-Wn533A8
CVE-2024-39786Same product: Wavlink Wl-Wn533A8

Affected Assets

wavlink
wl-wn533a8 firmware
m33a8.v5030.210505

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires identification, reporting, and patching of the stack-based buffer overflow flaw in touchlist_sync.cgi to prevent arbitrary code execution.

prevent

Enforces validation of HTTP request inputs to block specially crafted requests that trigger the buffer overflow in touchlistsync().

prevent

Provides memory safeguards such as stack canaries and ASLR to mitigate exploitation of the stack-based buffer overflow vulnerability.

References