# ip-com-3 vendor:IP-COM product:M50 version:V15.11.0.33(10768) type:Buffer Overflow author:Yifeng Li, Wolin Zhuang; ## Vulnerability description We found an buffer overflow vulnerability in IP-COM Technology IP-COM’s M50 routers with firmware which was released recently, allows control rules to attack it. ## Buffer Overflow vulnerability In formAddDnsForward function, the parameter “rules” is directly strcpy to a local variable placed on the stack, which overrides the return address of the function, causing buffer overflow, and so on, we also can control the rules to attack it. ![](https://i.imgur.com/vIdn424.png) ![](https://i.imgur.com/UGRH2I3.png) ## PoC ### Buffer Overflow We set the value of “rules” as aaaaaaaaaaaaaaaaaaaaaaaaa…… and the router will cause buffer overflow.