| Title | Linksys WRT54G v4.21.5 Command Injection |
|---|---|
| Description | The Linksys WRT54G Firmware v4.21.5 has a stack overflow vulnerability in the validate_services_port function. The variable services_array receives the parameter from a POST request. In line 55, the sscanf function parses the POST parameter to v22. The v22 variable is stack-allocated and has a size of only 80 characters. If the variable exceeds this length, it can result in a buffer overflow vulnerability, potentially leading to remote code execution or denial-of-service attacks. |
| Source | https://github.com/BuaaIOTTeam/Iot_Linksys/blob/main/Linksys_WRT54G_validate_services_port.md |
| User | Buaa1otTeam (UID 73870) |
| Submission | 27/08/2024 06:12 AM (2 years ago) |
| Moderation | 04/09/2024 09:01 AM (8 days later) |
| Status | Accepted |
| VulDB entry | 276488 [Linksys WRT54G 4.21.5 POST Parameter /apply.cgi validate_services_port services_array memory corruption] |
| Points | 20 |