| タイトル | PLANET ICG-2510 1.0_20250811 Stack-based Buffer Overflow |
|---|
| 説明 | The PLANET ICG-2510W-LTE product is affected by a Buffer Overflow vulnerability. This flaw originates from the sub_40C8E4 function within the /usr/sbin/httpd component. When processing language package configurations, the function fails to validate the length of the language configuration value retrieved from NVRAM before using sprintf to format it into a heap-allocated buffer of only 60 bytes (allocated via malloc(60)).If an attacker can modify the language field in the NVRAM to an excessively long string (e.g., more than 48 characters), it will trigger a buffer overflow while the web server is running. This results in a crash of the web management interface (Denial of Service) and may potentially allow for Remote Code Execution (RCE) by corrupting the heap memory layout. |
|---|
| ソース | ⚠️ https://github.com/glkfc/IoT-Vulnerability/blob/main/PLANET/ICG-2510/vulnerability_report1.md |
|---|
| ユーザー | jfkk (UID 79868) |
|---|
| 送信 | 2026年02月23日 04:08 (2 月 ago) |
|---|
| モデレーション | 2026年03月07日 09:42 (12 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 349643 [Planet ICG-2510 1.0_20250811 Language Package Configuration /usr/sbin/httpd sub_40C8E4 言語 メモリ破損] |
|---|
| ポイント | 20 |
|---|