CVE Catalog

CVE-2024-40083

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

31th percentile - higher than 31% of all known CVEs

Summary

A buffer overflow vulnerability in the local_app_set_router_token function of Vilo 5 Mesh WiFi System version 5.16.1.33 and earlier. A remote, unauthenticated attacker can execute arbitrary code by reading the token and timezone JSON fields via sscanf into a fixed-length buffer.

Risk Assessment

The risk for the organization includes remote unauthenticated takeover of the mesh WiFi device, potentially leading to network integrity compromise, traffic interception, or further attacks on infrastructure.

Recommendation

Immediately update the firmware of the Vilo 5 Mesh WiFi System to a version newer than 5.16.1.33 if available, or apply temporary network security measures to restrict access to the management interface.

Original NVD description (English source)

A Buffer Overflow vulnerabilty in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading the token and timezone JSON fields into a fixed-length buffer.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS