| 标题 | PLANET ICG-2510 1.0_20250811 Stack-based Buffer Overflow |
|---|
| 描述 | The PLANET ICG-2510W-LTE product is affected by a Buffer Overflow vulnerability. This flaw originates from the sub_40C8E4 function within the /usr/sbin/httpd component. When processing language package configurations, the function fails to validate the length of the language configuration value retrieved from NVRAM before using sprintf to format it into a heap-allocated buffer of only 60 bytes (allocated via malloc(60)).If an attacker can modify the language field in the NVRAM to an excessively long string (e.g., more than 48 characters), it will trigger a buffer overflow while the web server is running. This results in a crash of the web management interface (Denial of Service) and may potentially allow for Remote Code Execution (RCE) by corrupting the heap memory layout. |
|---|
| 来源 | ⚠️ https://github.com/glkfc/IoT-Vulnerability/blob/main/PLANET/ICG-2510/vulnerability_report1.md |
|---|
| 用户 | jfkk (UID 79868) |
|---|
| 提交 | 2026-02-23 04時08分 (2 月前) |
|---|
| 管理 | 2026-03-07 09時42分 (12 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 349643 [Planet ICG-2510 1.0_20250811 Language Package Configuration /usr/sbin/httpd sub_40C8E4 语言 内存损坏] |
|---|
| 积分 | 20 |
|---|