How to fix CVE-2025-5408?

Within 24 hours: Inventory all affected WAVLINK models in your environment and isolate them from production networks if possible; disable remote management access to the HTTP interface. Within 7 days: Implement network segmentation to restrict administrative access to these devices; evaluate replacement timeline with alternative vendors. Within 30 days: Deploy replacement devices from vendors with active security support; decommission vulnerable models or maintain them in isolated test environments only.

CVE-2025-5408

EUVD-2025-16583 CRITICAL

2025-06-01 [email protected]

Buffer Overflow

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 16:42 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 16:42 euvd

EUVD-2025-16583

CVE Published

Jun 01, 2025 - 22:15 nvd

CRITICAL 9.8

DescriptionNVD

A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410_240222 and classified as critical. Affected by this issue is the function sys_login of the file /cgi-bin/login.cgi of the component HTTP POST Request Handler. The manipulation of the argument login_page leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Buffer overflow in multiple WAVLINK routers up to V1410_240222.

Technical ContextAI

CWE-119.

RemediationAI

Update firmware.

CVE-2025-5408 vulnerability details – vuln.today

Back

CVE-2025-5408

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code