CVE-2024-45415 in ZTEinfo

Summary

by MITRE • 09/17/2024

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksum on the stack without validating it. An unauthenticated attacker can get RCE as root by exploiting this vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 09/20/2024

The vulnerability identified as CVE-2024-45415 represents a critical stack-based buffer overflow flaw within the HTTPD binary of multiple ZTE router models. This vulnerability resides in the check_data_integrity function which handles validation of checksum data submitted through POST requests. The function processes encrypted checksums sent by clients and decrypts them before storing the decrypted values on the stack without proper bounds checking or validation. This design flaw creates a predictable attack surface where malicious input can overwrite adjacent stack memory, potentially leading to arbitrary code execution.

The technical implementation of this vulnerability demonstrates a classic buffer overflow condition where the check_data_integrity function fails to validate the length of decrypted checksum data before storing it in a fixed-size stack buffer. According to CWE-121, this constitutes a stack-based buffer overflow vulnerability that occurs when insufficient bounds checking is performed on data that is copied into a stack buffer. The vulnerability is particularly dangerous because it operates within the HTTPD service which is typically accessible over the network, making it exploitable by unauthenticated remote attackers. The function's handling of encrypted data introduces additional complexity since attackers must craft malicious encrypted payloads that, when decrypted, will trigger the overflow condition.

The operational impact of this vulnerability extends beyond simple privilege escalation as it provides attackers with root-level access to affected ZTE routers. This level of access enables comprehensive system compromise including complete network control, data exfiltration, and potential use as a pivot point for attacking other devices within the network. The vulnerability affects multiple ZTE router models, suggesting a widespread impact across various network infrastructure devices. According to ATT&CK framework technique T1059.007, this vulnerability allows for command and scripting interpreter access, while T1068 represents the privilege escalation path to root access. The unauthenticated nature of the attack means that no credentials are required for exploitation, making it particularly dangerous for network administrators who may not be aware of the vulnerability's presence.

The exploitation of this vulnerability requires an attacker to send a specially crafted POST request containing an encrypted checksum that, when decrypted, exceeds the allocated stack buffer size. This type of attack falls under the category of remote code execution attacks and can be classified under ATT&CK technique T1203, which involves the use of a web shell or similar tools for persistent access. Mitigation strategies should include immediate firmware updates from ZTE to address the buffer overflow condition, network segmentation to limit access to affected devices, and implementation of intrusion detection systems to monitor for suspicious POST requests. The vulnerability highlights the importance of proper input validation and bounds checking in network services, particularly those handling user-supplied data in network infrastructure devices. Organizations should also consider implementing network access controls and monitoring for anomalous traffic patterns that may indicate exploitation attempts.

Responsible

MITRE

Reservation

08/28/2024

Disclosure

09/17/2024

Moderation

accepted

CPE

ready

EPSS

0.00483

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!