CVE-2024-39359
Published: 14 January 2025
Summary
CVE-2024-39359 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Wavlink Wl-Wn533A8 Firmware. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 35.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2024-39359 is a stack-based buffer overflow vulnerability (CWE-121) in the DeleteMac() functionality of wireless.cgi on the Wavlink AC3000 router running firmware version M33A8.V5030.210505. Published on 2025-01-14, it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). The issue arises when a specially crafted HTTP request triggers the overflow.
An authenticated attacker with high privileges can exploit this vulnerability remotely over the network with low attack complexity and no user interaction. Exploitation leads to arbitrary command execution on the device, enabling high-impact compromise of confidentiality, integrity, availability, and scope change.
Mitigation details are available in the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2024-2040.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-38365
Vulnerability details
A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack buffer overflow in router web CGI (wireless.cgi) directly enables remote exploitation of a public-facing application, resulting in arbitrary command execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Validates specially crafted HTTP request inputs to the DeleteMac() function in wireless.cgi, preventing stack-based buffer overflows.
Implements memory protections such as stack canaries and non-executable stacks to mitigate stack-based buffer overflows in the vulnerable CGI script.
Requires timely remediation of the known stack buffer overflow flaw in Wavlink AC3000 firmware via patching or upgrades.