CVE-2025-55847

HIGH EPSS 77.3%

Published Sep 26, 20259mo ago · Modified Jun 17, 20261w ago

8.8 CVSS 3.1

High

Published Sep 26, 2025 9mo ago

Last Modified Jun 17, 2026 1w ago

Description

Wavlink M86X3A_V240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings.cgi file. The vulnerability arises because the Cookie parameter does not properly validate the length of input data. Attackers can exploit this to execute arbitrary code or cause a denial of service (DoS) on the system

CVSS Details

Base Score

8.8

Exploitability

2.8

Impact

5.9

Vector string

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector Adjacent

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

77.3% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-120

Affected Products 2

Vendor	Product	Version	Range
wavlink	wl-wn586x3a_firmware	m86x3a_v240730	any
wavlink	wl-wn586x3a	*	any

References 1

github.com https://github.com/meigui637/iot_zone/blob/main/%E6%A0%88%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E.md

ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.