CVE-2024-37184 – A buffer overflow vulnerability in the Wavlink ... (How to Fix)

Q: What is the severity of CVE-2024-37184?

CVE-2024-37184 has a CVSS score of 9.1 (CRITICAL). A buffer overflow vulnerability in the Wavlink AC3000 router's adm.cgi component allows authenticated attackers to execute arbitrary code via crafted HTTP requests. This affects users of Wavlink AC3000 routers with vulnerable firmware. Successful exploitation could lead to complete device compromise.

📋 TL;DR

A buffer overflow vulnerability in the Wavlink AC3000 router's adm.cgi component allows authenticated attackers to execute arbitrary code via crafted HTTP requests. This affects users of Wavlink AC3000 routers with vulnerable firmware. Successful exploitation could lead to complete device compromise.

💻 Affected Systems

Products:

Wavlink AC3000

Versions: M33A8.V5030.210505

Operating Systems: Embedded Linux firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Requires admin authentication, but default credentials may be unchanged on many devices.

📦 What is this software?

Wl Wn533a8 Firmware by Wavlink

View all CVEs affecting Wl Wn533a8 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full router compromise, network traffic interception, credential theft, and lateral movement to connected devices.

🟠

Likely Case

Router takeover enabling DNS hijacking, traffic redirection, and persistent backdoor installation.

🟢

If Mitigated

Limited impact if strong authentication and network segmentation prevent attacker access to admin interface.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing, and authenticated access could be obtained through credential guessing or existing compromises.

🏢 Internal Only: MEDIUM - Internal attackers with network access could exploit if they obtain admin credentials.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploit requires authentication but buffer overflow techniques are well understood. Public PoC exists in Talos report.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Wavlink website for firmware updates. 2. Download latest firmware. 3. Log into router admin interface. 4. Navigate to firmware update section. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable remote admin access

all

Prevent external access to admin interface

Login to router admin panel
Navigate to Remote Management/Admin settings
Disable remote access/WAN administration

Change admin credentials

all

Use strong, unique admin password

Login to router admin panel
Navigate to Administration/Password settings
Set strong password (12+ chars, mixed case, numbers, symbols)

🧯 If You Can't Patch

Segment router on isolated network segment with strict firewall rules
Implement network monitoring for suspicious HTTP requests to adm.cgi

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin interface under System Status or Firmware Update section

Check Version:

Login to router web interface and check firmware version in system settings

Verify Fix Applied:

Verify firmware version is newer than M33A8.V5030.210505

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP POST requests to /cgi-bin/adm.cgi
Multiple failed login attempts followed by successful login and adm.cgi access

Network Indicators:

HTTP traffic to router on port 80/443 containing crafted rep_as_bridge parameters
Unusual outbound connections from router

SIEM Query:

source_ip=router_ip AND (uri_path="/cgi-bin/adm.cgi" OR http_user_agent CONTAINS "exploit")

📊 Metadata

CVE ID: CVE-2024-37184

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-120

EPSS Score: 0.48% exploit probability (64.4th percentile)

Published: January 14, 2025

Last Updated: August 21, 2025

🔗 References

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2025 Exploit,Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2025 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-37184, you might also want to check these: