Beetel Connection Manager Stack-Based Buffer Overflow Vulnerability in NetConfig.ini

A stack-based buffer overflow vulnerability has been identified in Beetel Connection Manager version PCW_BTLINDV1.0.0B04. The issue arises when the application parses the UserName parameter in the NetConfig.ini configuration file. A specially crafted .ini file with an excessively long UserName value can overwrite the Structured Exception Handler (SEH), potentially leading to arbitrary code execution when the application processes the file.

Impact

Exploitation of this vulnerability allows for arbitrary code execution within the context of the application.

Reproduction

To reproduce this vulnerability, create a NetConfig.ini file with a crafted UserName value that exceeds the buffer limit. The overflow will overwrite the SEH, allowing for arbitrary code execution. This vulnerability can be exploited using a Metasploit module available in the Metasploit Framework.