Submit #398567: Linksys WRT54G v4.21.5 Command Injectioninfo

TitleLinksys WRT54G v4.21.5 Command Injection
DescriptionThe Linksys WRT54G Firmware v4.21.5 has a stack overflow vulnerability in validate_services_port function. The variable services_array receives the parameter from a POST request. In line 55, the sscanf function parse POST parameter to v22. the v22 variable is stack-allocated and has a size of only 80 characters. If the variable exceeds this length, it can result in a buffer overflow vulnerability, potentially leading to remote code execution or denial-of-service attacks.
Source⚠️ https://github.com/BuaaIOTTeam/Iot_Linksys/blob/main/Linksys_WRT54G_validate_services_port.md
User
 Buaa1otTeam (UID 73870)
Submission08/27/2024 06:12 AM (9 months ago)
Moderation09/04/2024 09:01 AM (8 days later)
StatusAccepted
VulDB Entry276488 [Linksys WRT54G 4.21.5 POST Parameter /apply.cgi validate_services_port services_array stack-based overflow]
Points20

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!