CVE-2025-5408 | WAVLINK WL-WN576K1 up to V1410_240222 HTTP POST Request /cgi-bin/login.cgi sys_login login_page buffer overflow

A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410_240222 and classified as critical. Affected by this issue is the function sys_login of the file /cgi-bin/login.cgi of the component HTTP POST Request Handler. The manipulation of the argument login_page leads to buffer overflow.

This vulnerability is handled as CVE-2025-5408. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5408 | WAVLINK WL-WN576K1 up to V1410_240222 HTTP POST Request /cgi-bin/login.cgi sys_login login_page buffer overflow

Post correlati

CVE-2024-11210 | EyouCMS 1.51 FilemanagerLogic.php editFile activepath path traversal

CVE-2024-12348 | Guizhou Xiaoma Technology jpress 5.1.2 Attachment Upload upload AttachmentUtils.isUnSafe files[] cross site scripting

CVE-2024-44349 | AnteeoWMS up to 4.7.33 username sql injection

CVE-2025-29841 | Microsoft