Primary

Context

Linksys E8450 Buffer Overflow Vulnerability in Dashboard Configuration Security

Vulnerability

Patched

A buffer overflow vulnerability has been identified in the Linksys E8450 router, specifically in firmware version 1.2.00.360516. The issue arises in the JSON parsing function 'sub_422eb8', where the 'anonymous_protect_status' field is copied to the stack using 'strncpy' without proper length validation. This flaw can be exploited by sending crafted data to the 'portal.cgi' URL, causing the device to crash.

Impact

Exploitation of this vulnerability leads to a crash of the device, causing a denial-of-service condition.

Reproduction

To reproduce this vulnerability, send a JSON payload to the 'portal.cgi' endpoint that includes the 'anonymous_protect_status' field. The payload should be crafted to include excessive data that exceeds the buffer length, exploiting the lack of proper length verification in the JSON parsing function.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

6.2

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

6.2

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linksys E8450 Buffer Overflow Vulnerability in Dashboard Configuration Security

Vulnerability

Impact

Reproduction

Affected Products

Linksys E8450

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating