# ip-com-4
vendor:IP-COM
product:M50
version:V15.11.0.33(10768)
type:Buffer Overflow
author:Yifeng Li, Wolin Zhuang;
## Vulnerability description
We found an buffer overflow vulnerability in IP-COM Technology IP-COM’s M50 routers with firmware which was released recently, allows control rules to attack it.
## Buffer Overflow vulnerability
In formAddDnsHijack function, the parameter “rules” is directly strcpy to a local variable placed on the stack, which overrides the return address of the function, causing buffer overflow.
![](https://i.imgur.com/r0S6kiT.png)
![](https://i.imgur.com/dvQ5sJL.png)
## PoC
### Buffer Overflow
We set the value of “rules” as aaaaaaaaaaaaaaaaaaaaaaaaa…… and the router will cause buffer overflow.