CVE-2024-39770 in AC3000info

Summary

by MITRE • 01/14/2025

Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `en_enable` POST parameter.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 08/22/2025

The vulnerability identified as CVE-2024-39770 represents a critical stack-based buffer overflow within the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505 firmware. This flaw manifests in the handling of the en_enable POST parameter, which is processed through the set_qos function in the internet.cgi script. The vulnerability stems from inadequate input validation and bounds checking within the firmware's web interface handling mechanisms. Attackers can exploit this weakness by crafting malicious HTTP requests that contain oversized data in the en_enable parameter, leading to memory corruption that can potentially result in arbitrary code execution or system crash.

The technical implementation of this vulnerability aligns with CWE-121, which describes stack-based buffer overflow conditions where insufficient bounds checking allows an attacker to overwrite adjacent stack memory. The specific context involves the internet.cgi script that manages quality of service settings within the router's web management interface. When an authenticated user submits a POST request containing malicious data in the en_enable parameter, the firmware fails to properly validate the input length before copying it to a fixed-size stack buffer. This creates an exploitable condition where the attacker can overwrite return addresses, function pointers, or other critical stack data structures.

From an operational impact perspective, this vulnerability presents a significant risk to network infrastructure security as it requires only authenticated access to exploit. The attack vector involves a standard HTTP POST request to the affected router's web interface, making it relatively accessible to threat actors who have gained administrative credentials. The potential consequences include complete system compromise, unauthorized network access, data exfiltration, and persistent backdoor installation. The vulnerability's presence in a consumer-grade router firmware means that home and small office networks are particularly at risk, as these devices often lack proper security monitoring and patch management processes.

The exploitation of this vulnerability follows patterns consistent with ATT&CK technique T1059.007 for command and scripting interpreter, where successful buffer overflow exploitation could lead to arbitrary code execution. Security professionals should consider implementing network segmentation and access controls to limit the potential impact of such vulnerabilities. Mitigation strategies include immediate firmware updates from the vendor, network monitoring for suspicious HTTP traffic patterns, and implementing web application firewalls to detect and block malicious POST requests. Additionally, organizations should conduct vulnerability assessments to identify similar issues in other network devices and establish robust patch management procedures to prevent exploitation of similar buffer overflow vulnerabilities in the future. The vulnerability underscores the importance of input validation in embedded systems and the need for comprehensive security testing of network infrastructure devices.

Responsible

Talos

Reservation

06/28/2024

Disclosure

01/14/2025

Moderation

accepted

CPE

ready

EPSS

0.01212

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!