Submission #779149: Wavlink WL-WN579X3-C V231124 Stack-based Buffer Overflow (Info)

Title: Wavlink WL-WN579X3-C V231124 Stack-based Buffer Overflow
Description: We found an `overflow` vulnerability in `firewall.cgi` that could be triggered by an attacker through carefully crafted packet requests. In the main function, the router compares the `firewall` parameter. When the value of `firewall` is `UPNP`, the function sub_4019FC will be called. When an excessively long value is provided for UpnpEnabled, the program attempts to process it using a stack buffer (v13[8]) that is only 8 bytes in size. However, the subsequent call to uci_init_ptr unconditionally writes 40 bytes of data to this location. This overwrites 32 bytes beyond the buffer's boundary, corrupting adjacent critical data on the stack, most importantly the function's return address. When the function completes and tries to return, the CPU jumps to this now-corrupted, invalid memory address, causing an immediate program crash. This flaw not only guarantees a denial of service but, if the input is precisely crafted, could allow an attacker to hijack execution flow and run arbitrary code, potentially leading to full system compromise.
Source: https://github.com/Litengzheng/vul_db/blob/main/WL-WN579X3-C/vul_200/README.md
User: LtzHuster2 (UID 96397)
Submitted: 2026-03-13 03:59 (25 days ago)
Moderation: 2026-03-27 14:51 (14 days later)
Status: Accepted
VulDB entry: 353891 [Wavlink WL-WN579X3-C 231124 UPNP /cgi-bin/firewall.cgi sub_4019FC UpnpEnabled memory corruption]
Points: 20
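
The size mismatch reported in the description (a 40-byte write into the 8-byte `v13`) next to a bounds-checked counterpart, as an added C example that is not code from the firmware or the linked report. `init_ptr_unchecked`, `init_ptr_checked`, `parse_upnp_enabled` and `PTR_INIT_LEN` are hypothetical names, and treating `UpnpEnabled` as a "0"/"1" flag is an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bytes the initializer writes, taken from the description above. */
#define PTR_INIT_LEN 40

/* Hypothetical stand-in for the flawed pattern: the callee always writes
 * PTR_INIT_LEN bytes and trusts the caller's buffer to be that large.
 * Handing it an 8-byte stack array overruns it by 32 bytes. Shown for
 * contrast only; main() never calls it. */
void init_ptr_unchecked(void *dst)
{
    memset(dst, 0, PTR_INIT_LEN);
}

/* Hardened form: the caller states its capacity and the callee refuses
 * to write when the destination is too small. */
int init_ptr_checked(void *dst, size_t dst_len)
{
    if (dst == NULL || dst_len < PTR_INIT_LEN)
        return -1;
    memset(dst, 0, PTR_INIT_LEN);
    return 0;
}

/* Allow-list the request parameter before it reaches any buffer.
 * Assumption: UpnpEnabled is an on/off flag sent as "0" or "1". */
int parse_upnp_enabled(const char *value)
{
    if (value == NULL)
        return -1;
    if (strcmp(value, "0") == 0)
        return 0;
    if (strcmp(value, "1") == 0)
        return 1;
    return -1; /* anything else, including over-long input, is rejected */
}

int main(void)
{
    unsigned char small[8];            /* same size as v13 in the report */
    unsigned char sized[PTR_INIT_LEN]; /* sized for the initializer */
    printf("8-byte buffer:  %d\n", init_ptr_checked(small, sizeof small));
    printf("40-byte buffer: %d\n", init_ptr_checked(sized, sizeof sized));
    printf("over-long flag: %d\n", parse_upnp_enabled("1111111111111111"));
    return 0;
}
```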
