CVE Catalog

CVE-2024-40086

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.60%

44th percentile - higher than 44% of all known CVEs

Summary

A buffer overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System version 5.16.1.33 and earlier allows remote, unauthenticated attackers to execute arbitrary code by sending a password longer than 64 bytes.

Risk Assessment

An attacker can remotely take control of the device without authentication, leading to full compromise of the mesh network and potential access to data transmitted over the network.

Recommendation

Immediately update the firmware of the Vilo 5 Mesh WiFi System to a version later than 5.16.1.33 that includes a fix for this vulnerability.

Original NVD description (English source)

A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than 64 bytes in length.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS