Invia #398567: Linksys WRT54G v4.21.5 Command Injectioninformazioni

TitoloLinksys WRT54G v4.21.5 Command Injection
DescrizioneThe Linksys WRT54G Firmware v4.21.5 has a stack overflow vulnerability in validate_services_port function. The variable services_array receives the parameter from a POST request. In line 55, the sscanf function parse POST parameter to v22. the v22 variable is stack-allocated and has a size of only 80 characters. If the variable exceeds this length, it can result in a buffer overflow vulnerability, potentially leading to remote code execution or denial-of-service attacks.
Fonte⚠️ https://github.com/BuaaIOTTeam/Iot_Linksys/blob/main/Linksys_WRT54G_validate_services_port.md
Utente
 Buaa1otTeam (UID 73870)
Sottomissione27/08/2024 06:12 (2 anni fa)
Moderazione04/09/2024 09:01 (8 days later)
StatoAccettato
Voce VulDB276488 [Linksys WRT54G 4.21.5 POST Parameter /apply.cgi validate_services_port services_array buffer overflow]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!