CVE-2025-5408 | WAVLINK WL-WN576K1 up to V1410_240222 HTTP POST Request /cgi-bin/login.cgi sys_login login_page buffer overflow

A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410_240222 and classified as critical. Affected by this issue is the function sys_login of the file /cgi-bin/login.cgi of the component HTTP POST Request Handler. The manipulation of the argument login_page leads to buffer overflow.

This vulnerability is handled as CVE-2025-5408. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5408 | WAVLINK WL-WN576K1 up to V1410_240222 HTTP POST Request /cgi-bin/login.cgi sys_login login_page buffer overflow

Post correlati

CVE-2024-23912 | Merative Merge DICOM Toolkit C++ up to 5.17.0 on Windows DICOM Data MC_Open_File out-of-bounds

CVE-2024-13873 | wpjobportal WP Job Portal Plugin up to 2.2.8 on WordPress deleteUserPhoto authorization

CVE-2024-1908 | GitHub Enterprise Server up to 3.8.15/3.9.10/3.10.7/3.11.5 Connect Download Token privileges management

CVE-2024-37297 | WooCommerce up to 8.8.4/8.9.2 Sourcebuster.js cross site scripting (GHSA-cv23-q6gh-xfrf)