CVE-2020-12125
Description
A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A pre-authenticated remote buffer overflow in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 router allows root-level arbitrary code execution.
Vulnerability
The WAVLINK WN530H4 router, running firmware version M30H4.V5030.190403, contains a remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi CGI endpoint. The endpoint does not properly sanitize user-supplied input before copying it into a fixed-size buffer, allowing an attacker to overflow the buffer and overwrite adjacent memory. The vulnerability is reachable without any authentication or prior access to the device [1].
Exploitation
An attacker can send a crafted HTTP POST request to the /cgi-bin/makeRequest.cgi endpoint with an overly long parameter value. No authentication is required, and the attacker only needs network connectivity to the router's administrative web interface (typically on port 80). The exploit triggers the buffer overflow, injecting arbitrary machine instructions that will be executed in the context of the root user.
Impact
Successful exploitation allows an unauthenticated, remote attacker to execute arbitrary machine instructions as the root user on the device. This results in full compromise of the router, including the ability to read sensitive data, modify configuration, install persistent malware, or use the device as a foothold for further network attacks.
Mitigation
As of the publication date (2020-10-02), no firmware update or patch has been released by WAVLINK to address this vulnerability. Users are advised to replace the device if it is no longer supported, restrict access to the management interface to trusted networks only, and monitor for malicious traffic targeting the /cgi-bin/makeRequest.cgi endpoint [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
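The monitoring advice in the Mitigation section above, as an added example that is not part of the CVE record or the referenced advisory: a log filter that flags requests to /cgi-bin/makeRequest.cgi coming from outside the management network or carrying an unusually large POST. The log layout (an access log from a proxy or sensor in front of the router, with `req_len=N` appended), the trusted subnet and the size threshold are all assumptions to adapt per site.

```python
import ipaddress
import re
from urllib.parse import unquote

ENDPOINT = "/cgi-bin/makeRequest.cgi"                     # endpoint named in the CVE
TRUSTED_NETS = [ipaddress.ip_network("192.168.10.0/24")]  # assumed management subnet
MAX_REQUEST_BYTES = 1024                                  # assumed baseline, tune per site

# Assumed layout: common access-log fields followed by req_len=<request size in bytes>.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+ req_len=(?P<req_len>\d+)$'
)

def classify(line):
    """Return the alert reasons for one log line (empty if benign or unparsable)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    # Drop the query string, decode %-escapes and collapse repeated slashes
    # so trivially rewritten paths still match the endpoint.
    path = re.sub(r"/+", "/", unquote(m["path"].split("?", 1)[0]))
    if path != ENDPOINT:
        return []
    reasons = []
    try:
        src = ipaddress.ip_address(m["src"])
        if not any(src in net for net in TRUSTED_NETS):
            reasons.append("untrusted-source")
    except ValueError:
        reasons.append("untrusted-source")  # hostname or junk: treat as untrusted
    if m["method"] == "POST" and int(m["req_len"]) > MAX_REQUEST_BYTES:
        reasons.append("oversized-post")
    return reasons

def scan(lines):
    """Map each alerting source address to the set of reasons seen for it."""
    alerts = {}
    for line in lines:
        reasons = classify(line)
        if reasons:
            alerts.setdefault(line.split(" ", 1)[0], set()).update(reasons)
    return alerts

# Constructed sample lines (documentation address ranges), not captured traffic.
SAMPLE = [
    '192.168.10.5 - - [02/Oct/2020:10:00:00 +0000] "POST /cgi-bin/makeRequest.cgi HTTP/1.1" 200 120 req_len=310',
    '203.0.113.7 - - [02/Oct/2020:10:00:05 +0000] "POST /cgi-bin/makeRequest.cgi HTTP/1.1" 200 0 req_len=4096',
    '192.168.10.9 - - [02/Oct/2020:10:00:09 +0000] "POST /cgi-bin//makeRequest.cgi HTTP/1.1" 502 - req_len=9000',
    '198.51.100.20 - - [02/Oct/2020:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 2048 req_len=180',
]
```

An oversized POST from a trusted address is still reported, since a compromised internal host can reach the interface even when external access is blocked.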
Affected products
- WAVLINK/WN530H4
- Range: = M30H4.V5030.190403
Patches
No patches discovered yet.
References
- cerne.xyz/bugs/CVE-2020-12125 (mitre, x_refsource_MISC)
- www.wavlink.com/en_us/product/WL-WN530H4.html (mitre, x_refsource_MISC)