CVE-2024-40085

A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoe_username and pppoe_password fields being larger than 128 bytes in length.

CVSS v3 9.6 CRITICAL

9.6^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
http://vilo.com
https://github.com/byu-cybersecurity-research/vilo/blob/main/vulns/CVE-2024-40085.md

Configurations

No configuration.

History

No history.

Information

Published : 2024-10-21 21:15

Updated : 2024-10-23 15:12

NVD link : CVE-2024-40085

Mitre link : CVE-2024-40085

CVE.ORG link : CVE-2024-40085

JSON object : View

Products Affected

No product.

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

9.6 /10