Edimax RE11S Stack Overflow Vulnerability in setWAN Function
Vulnerability
A stack overflow vulnerability has been identified in the Edimax RE11S router, version 1.11. The issue is in the setWAN function, where the pptpUserName parameter can be manipulated to overflow a buffer. The overflow is sprintf-based and occurs on the stack, potentially leading to arbitrary code execution.
Impact
Exploitation of this vulnerability causes a stack overflow, which can be used to overwrite stack memory and hijack the control flow of the program. This type of vulnerability is commonly exploited to execute arbitrary code with the privileges of the vulnerable application.
Reproduction
The vulnerability can be reproduced by sending a POST request to the /goform/setWAN endpoint with a crafted pptpUserName value. This value should be sufficiently long to exceed the buffer limit, causing a stack overflow. The wanMode parameter must also be included in the request.
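The class of fix for a sprintf-based overflow like the one described above, shown as an added example that is not Edimax's code or part of the original advisory. The buffer size, the `user=%s` format string and the function name `build_pptp_user_line` are assumptions made for illustration; the advisory does not give the firmware's actual values.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size: the advisory does not state the real buffer length. */
#define LINE_BUF_LEN 64

/* Unsafe pattern, for comparison (hypothetical reconstruction):
 *
 *     char line[LINE_BUF_LEN];
 *     sprintf(line, "user=%s", pptpUserName);   // %s has no upper bound
 *
 * sprintf writes as many bytes as the input supplies, so a request
 * parameter longer than the buffer runs past it on the stack.
 */

/* Bounded replacement. Returns 0 and fills `out` on success.
 * Returns -1 and leaves `out` empty if the input is missing or the
 * formatted result would not fit. The value is rejected rather than
 * truncated, so a clipped credential is never written to config. */
int build_pptp_user_line(char *out, size_t out_len, const char *pptp_user_name)
{
    int written;

    if (out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';
    if (pptp_user_name == NULL)
        return -1;

    /* snprintf never writes more than out_len bytes and returns the
     * length the full result would have had, excluding the NUL. */
    written = snprintf(out, out_len, "user=%s", pptp_user_name);
    if (written < 0 || (size_t)written >= out_len) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char line[LINE_BUF_LEN];
    char oversized[256];              /* constructed test input */

    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("normal:    %d\n", build_pptp_user_line(line, sizeof line, "alice"));
    printf("oversized: %d\n", build_pptp_user_line(line, sizeof line, oversized));
    return 0;
}
```

A request handler using this pattern would return an error to the client when the function returns -1 instead of continuing with the WAN configuration.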
