vendor:IP-COM
product:M50
version:V15.11.0.33(10768)
type:Buffer Overflow
author:Yifeng Li, Wolin Zhuang;
We found an buffer overflow vulnerability in IP-COM Technology IP-COM’s M50 routers with firmware which was released recently, allows control rules to attack it.
In formIPMacBindAdd function, the parameter “rules” is a value coming from webGetVar, and then in ipMacBindListStore function it is directly strcpy to a local variable placed on the stack, which overrides the return address of the function, causing buffer overflow.
We set the value of “rules” as aaaaaaaaaaaaaaaaaaaaaaaaa…… and the router will cause buffer overflow.