| Title | Wavlink WL-WN579X3-C V231124 Stack-based Buffer Overflow |
|---|
| Description | We found an `overflow` vulnerability in `firewall.cgi` that could be triggered by an attacker through carefully crafted packet requests:In main function,the router compare the `firewall` parameter.When the value of `firewall` is `UPNP, the function sub_4019FC will be called.When an excessively long value is provided for UpnpEnabled, the program attempts to process it using a stack buffer (v13[8]) that is only 8 bytes in size.However, the subsequent call to uci_init_ptrunconditionally writes 40 bytes of data to this location. This overwrites 32 bytes beyond the buffer's boundary, corrupting adjacent critical data on the stack—most importantly, the function's return address. When the function completes and tries to return, the CPU jumps to this now-corrupted, invalid memory address, causing an immediate program crash. This flaw not only guarantees a denial of service but, if the input is precisely crafted, could allow an attacker to hijack execution flow and run arbitrary code, potentially leading to full system compromise.
|
|---|
| Source | ⚠️ https://github.com/Litengzheng/vul_db/blob/main/WL-WN579X3-C/vul_200/README.md |
|---|
| User | LtzHuster2 (UID 96397) |
|---|
| Submission | 03/13/2026 03:59 (16 days ago) |
|---|
| Moderation | 03/27/2026 14:51 (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 353891 [Wavlink WL-WN579X3-C 231124 UPNP /cgi-bin/firewall.cgi sub_4019FC UpnpEnabled stack-based overflow] |
|---|
| Points | 20 |
|---|