Try   HackMD

ip-com-3

vendor:IP-COM

product:M50

version:V15.11.0.33(10768)

type:Buffer Overflow

author:Yifeng Li, Wolin Zhuang;

Vulnerability description

We found an buffer overflow vulnerability in IP-COM Technology IP-COM’s M50 routers with firmware which was released recently, allows control rules to attack it.

Buffer Overflow vulnerability

In formAddDnsForward function, the parameter “rules” is directly strcpy to a local variable placed on the stack, which overrides the return address of the function, causing buffer overflow, and so on, we also can control the rules to attack it.

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

PoC

Buffer Overflow

We set the value of “rules” as aaaaaaaaaaaaaaaaaaaaaaaaa…… and the router will cause buffer overflow.

Last changed by 
Wolin Zhuang
0
3431
Published on HackMD