CVE-2025-55847: n/a
Wavlink M86X3A_V240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings.cgi file. The vulnerability arises because the Cookie parameter does not properly validate the length of input data. Attackers can exploit this to execute arbitrary code or cause a denial of service (DoS) on the system.
AI Analysis
Technical Summary
CVE-2025-55847 is a buffer overflow vulnerability identified in the Wavlink M86X3A_V240730 device firmware, specifically within the /cgi-bin/ExportAllSettings.cgi endpoint. The vulnerability stems from improper validation of the length of the Cookie parameter input. When an attacker sends a specially crafted request with an excessively long Cookie parameter, the device fails to properly handle the input size, leading to a buffer overflow condition. This flaw can be exploited to execute arbitrary code on the affected device or cause a denial of service (DoS) by crashing the system. The vulnerability is critical because it allows remote attackers to potentially gain control over the device without authentication, given that the CGI endpoint is accessible and processes the Cookie header. No patch or fixed version information is currently available, and no known exploits have been reported in the wild as of the publication date. The lack of a CVSS score means the severity must be assessed based on the nature of the vulnerability, which involves remote code execution and DoS capabilities through a common web interface on a network device. The vulnerability affects the Wavlink M86X3A_V240730 model, a network device likely used in small to medium business or home office environments for networking purposes.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those relying on Wavlink networking devices in their infrastructure. Exploitation could lead to unauthorized remote code execution, allowing attackers to compromise the confidentiality, integrity, and availability of the network device. This could result in interception or manipulation of network traffic, disruption of network services, or use of the compromised device as a foothold for further lateral movement within the organization's network. The DoS potential could cause network outages, impacting business continuity. Given that many European organizations operate under strict data protection regulations such as GDPR, a compromise of network devices could lead to data breaches with legal and financial consequences. The absence of authentication requirements to exploit the vulnerability increases the risk, as attackers can remotely target exposed devices without prior access. The impact is heightened in environments where these devices serve as critical network gateways or are part of security perimeters.
Mitigation Recommendations
Organizations should immediately inventory their network devices to identify any Wavlink M86X3A_V240730 units in use. Until an official patch is released, it is advisable to restrict access to the device's web management interface by implementing network segmentation and firewall rules that limit access to trusted management hosts only. Disabling remote management over the internet or untrusted networks can reduce exposure. Monitoring network traffic for unusual requests to the /cgi-bin/ExportAllSettings.cgi endpoint and anomalous Cookie header lengths can help detect exploitation attempts. Employing intrusion detection/prevention systems (IDS/IPS) with custom signatures targeting this vulnerability may provide additional protection. Organizations should also engage with Wavlink support channels to obtain information on patches or firmware updates addressing this issue and plan timely deployment once available. As a longer-term measure, consider replacing vulnerable devices with models that have a stronger security track record and regular firmware update support.
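The monitoring step recommended above (requests to /cgi-bin/ExportAllSettings.cgi with anomalous Cookie header lengths) can be implemented as a check over raw HTTP requests captured at a proxy or sensor. This is an added example, not code from the advisory or from Wavlink; the 512-byte threshold, the function names and the sample requests are assumptions constructed here, and the threshold should be tuned against normal traffic to the device.

```python
import posixpath
import re
from urllib.parse import unquote

TARGET_PATH = "/cgi-bin/exportallsettings.cgi"  # advisory's endpoint, lower-cased
MAX_COOKIE_BYTES = 512  # assumed threshold (not from the advisory); tune to baseline


def cookie_bytes(raw_request: bytes):
    """Return (normalized path, total Cookie header bytes) for one raw HTTP request."""
    lines = raw_request.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) < 2:
        return None, 0  # not a parseable request line
    # Drop the query string, decode %XX, collapse "//" and "./" so variants still match.
    path = unquote(parts[1].decode("latin-1").split("?", 1)[0])
    path = posixpath.normpath(re.sub(r"/+", "/", path)).lower()
    total = 0
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        # Header names are case-insensitive; several Cookie lines are summed.
        if sep and name.strip().lower() == b"cookie":
            total += len(value.strip())
    return path, total


def is_suspicious(raw_request: bytes, limit: int = MAX_COOKIE_BYTES) -> bool:
    """True when the request targets the CGI and its Cookie data exceeds the limit."""
    path, size = cookie_bytes(raw_request)
    return path == TARGET_PATH and size > limit


def make_request(target: str, cookie: bytes) -> bytes:
    """Build a constructed sample request for the demo below."""
    return (b"GET " + target.encode() + b" HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            b"cOOkie: " + cookie + b"\r\n\r\n")


# Constructed samples: normal session cookie, oversized cookie, other endpoint.
SAMPLES = [
    make_request("/cgi-bin/ExportAllSettings.cgi", b"session=abc123"),
    make_request("/cgi-bin//%45xportAllSettings.cgi?x=1", b"session=" + b"x" * 2000),
    make_request("/index.html", b"session=" + b"x" * 2000),
]

if __name__ == "__main__":
    for i, req in enumerate(SAMPLES):
        print(i, cookie_bytes(req), is_suspicious(req))
```

The path comparison is lower-cased on purpose so that case variants of the endpoint are still flagged; requests that use an absolute URI in the request line are not normalized by this check.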
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-08-16T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68d6ce8855cc370af661461a
Added to database: 9/26/2025, 5:34:00 PM
Last enriched: 9/26/2025, 5:34:14 PM
Last updated: 9/26/2025, 6:48:54 PM