ip-com-13

vendor:IP-COM

product:M50

version:V15.11.0.33(10768)

type:Buffer Overflow

author:Yifeng Li, Wolin Zhuang;

Vulnerability description

We found an buffer overflow vulnerability in IP-COM Technology IP-COM’s M50 routers with firmware which was released recently, allows control the "picName" to attack it.

Buffer Overflow vulnerability

In formDelWewifiPic function, the parameter "picName" is directly sprintf to a local variable placed on the stack, which overrides the return address of the function, causing buffer overflow.

PoC

Buffer Overflow

We set the value of “picName” as aaaaaaaaaaaaaaaaaaaaaaaaa…… and the router will cause buffer overflow.