CVE-2025-55847
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-26
Last updated on: 2025-10-03
Assigner: MITRE
Description
Description
Wavlink M86X3A_V240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings.cgi file. The vulnerability arises because the Cookie parameter does not properly validate the length of input data. Attackers can exploit this to execute arbitrary code or cause a denial of service (DoS) on the system
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wavlink | wl-wn586x3a_firmware | m86x3a_v240730 |
| wavlink | wl-wn586x3a | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in the /cgi-bin/ExportAllSettings.cgi file of Wavlink M86X3A_V240730. It occurs because the Cookie parameter does not properly validate the length of input data, allowing attackers to exploit this flaw.
How can this vulnerability impact me? :
An attacker can exploit this vulnerability to execute arbitrary code on the affected system or cause a denial of service (DoS), potentially disrupting normal operations or gaining unauthorized control.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70