Vulnerability Key Information Overview

Affected Versions: W30APv4.0 <= v1.0.0.11(1340)

Vulnerable File: httpd

Details: A buffer overflow vulnerability exists in the function, which is unauthenticated.

Vulnerability Details

In the function, when a request is made to , no further authentication is performed, and it directly returns 0.

In the function, the and parameters are retrieved from the POST request via . If the parameter is set to and the parameter contains followed by non-empty content, the program directly uses to concatenate unvalidated external input into a fixed-size stack buffer, causing a stack overflow.

POC

Summary

This vulnerability affects all firmware versions of W30APv4.0 <= v1.0.0.11(1340) in the file. By crafting a specific POST request, a stack overflow can be triggered, potentially allowing arbitrary code execution. The provided POC code can be used to verify the existence of the vulnerability.
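The check-then-concatenate pattern described under Vulnerability Details, written with a bounded copy that rejects oversized input. This is an added example, not code from the advisory or from the vendor's firmware. The function names, the 64-byte buffer size, and the `custom`, `name=` and `set ` strings are placeholders, because the advisory's own identifiers are not present on this page.

```c
#include <stdio.h>
#include <string.h>

/* All constants below are placeholders; the advisory's real values are not on the page. */
#define BUF_SIZE     64        /* assumed size of the fixed stack buffer */
#define MODE_VALUE   "custom"  /* value the first parameter must equal */
#define VALUE_PREFIX "name="   /* marker the second parameter must contain */
#define OUT_PREFIX   "set "    /* text the handler prepends to the input */

/* 0 = ok, -1 = request does not match, -2 = result would not fit in out[]. */
int build_setting(const char *mode, const char *value, char *out, size_t out_len)
{
    const char *payload;
    if (!mode || !value || !out || out_len == 0) return -1;
    out[0] = '\0';
    if (strcmp(mode, MODE_VALUE) != 0) return -1;
    payload = strstr(value, VALUE_PREFIX);
    if (!payload || payload[strlen(VALUE_PREFIX)] == '\0') return -1; /* no content */
    payload += strlen(VALUE_PREFIX);
    /* snprintf returns the length it needed; >= out_len means truncation. */
    int n = snprintf(out, out_len, "%s%s", OUT_PREFIX, payload);
    if (n < 0 || (size_t)n >= out_len) {
        out[0] = '\0';
        return -2;             /* reject instead of overflowing or truncating */
    }
    return 0;
}

/* Handler-shaped caller: the destination is a fixed-size stack buffer. */
int handle_request(const char *mode, const char *value)
{
    char buf[BUF_SIZE];
    return build_setting(mode, value, buf, sizeof buf);
}

/* Constructed oversized input: the marker followed by filler bytes. */
int oversized_request_result(void)
{
    char big[512] = {0};
    memset(big, 'A', sizeof big - 1);
    memcpy(big, VALUE_PREFIX, strlen(VALUE_PREFIX));
    return handle_request(MODE_VALUE, big);
}

int main(void)
{
    printf("normal=%d oversized=%d\n", handle_request(MODE_VALUE, "name=ap1"), oversized_request_result());
    return 0;
}
```

Passing the destination size into the formatting call and treating a return value at or above that size as an error keeps the write inside the buffer regardless of how long the POST parameter is.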