CVE-2024-40086
CriticalCVSS 9.6Exploitation Probability (EPSS)
Low risk44th percentile - higher than 44% of all known CVEs
Summary
A buffer overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System version 5.16.1.33 and earlier allows remote, unauthenticated attackers to execute arbitrary code by sending a password longer than 64 bytes.
Risk Assessment
An attacker can remotely take control of the device without authentication, leading to full compromise of the mesh network and potential access to data transmitted over the network.
Recommendation
Immediately update the firmware of the Vilo 5 Mesh WiFi System to a version later than 5.16.1.33 that includes a fix for this vulnerability.
Original NVD description (English source)
A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than 64 bytes in length.

