제출 #855125: Tomato by Shibby Tomato Firmware Tomato PL ND 1.28 beta Stack-based Buffer Overflow정보

제목Tomato by Shibby Tomato Firmware Tomato PL ND 1.28 beta Stack-based Buffer Overflow
설명sub_42537C builds a cru a ... scheduler command in a fixed 64-byte stack buffer. The scheduler name argument a1 is inserted into the formatted string twice and is then executed through system(). char cmd[64]; cfg = nvram_get(a1); sscanf(cfg, "%d,%d,%d", &enabled, &time, &days); sprintf(cmd, "cru a %s \"%d %d * * %s sched %s\"", a1, minute, hour, days, a1); system(cmd); Two alternate scheduling formats use the same pattern and also place a1 into cmd twice. If a1 is sufficiently long, the formatted command can overflow the 64-byte stack buffer and overwrite saved registers, including the saved return address in the demonstrated layout.
원천⚠️ https://gitee.com/Fengyi-Wang/CVE/issues/IJTQ5U
사용자
 Cormac315 (UID 97273)
제출2026. 06. 10. PM 04:24 (1 월 ago)
모더레이션2026. 07. 17. PM 04:14 (1 month later)
상태수락
VulDB 항목379801 [Shibby Tomato 1.28 Scheduler Name sub_42537C a1 메모리 손상]
포인트들20

Interested in the pricing of exploits?

See the underground prices here!