| Название | PLANET ICG-2510 1.0_20250811 Stack-based Buffer Overflow |
|---|
| Описание | The PLANET ICG-2510W-LTE product is affected by a Buffer Overflow vulnerability. This flaw originates from the sub_40C8E4 function within the /usr/sbin/httpd component. When processing language package configurations, the function fails to validate the length of the language configuration value retrieved from NVRAM before using sprintf to format it into a heap-allocated buffer of only 60 bytes (allocated via malloc(60)).If an attacker can modify the language field in the NVRAM to an excessively long string (e.g., more than 48 characters), it will trigger a buffer overflow while the web server is running. This results in a crash of the web management interface (Denial of Service) and may potentially allow for Remote Code Execution (RCE) by corrupting the heap memory layout. |
|---|
| Источник | ⚠️ https://github.com/glkfc/IoT-Vulnerability/blob/main/PLANET/ICG-2510/vulnerability_report1.md |
|---|
| Пользователь | jfkk (UID 79868) |
|---|
| Представление | 23.02.2026 04:08 (2 месяцы назад) |
|---|
| Модерация | 07.03.2026 09:42 (12 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 349643 [Planet ICG-2510 1.0_20250811 Language Package Configuration /usr/sbin/httpd sub_40C8E4 Язык повреждение памяти] |
|---|
| Баллы | 20 |
|---|