Primary

Context

Edimax RE11S Stack Overflow Vulnerability in FormStaDrvSetup Function

Vulnerability

A stack overflow vulnerability has been identified in the Edimax RE11S router, specifically in version 1.11. The issue arises in the formStaDrvSetup function, where the rootAPmac parameter can be manipulated to cause a buffer overflow. This vulnerability allows for a sprintf-based stack overflow, potentially leading to arbitrary code execution.

Impact

Exploitation of this vulnerability causes a stack overflow, which can be used to execute arbitrary code.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/formStaDrvSetup' endpoint. The request must include a 'rootAPmac' parameter with a value that exceeds the buffer size, effectively causing a stack overflow. The 'wiz_wispManu' parameter should also be included, set to '0'.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Edimax RE11S Stack Overflow Vulnerability in FormStaDrvSetup Function

Vulnerability

Impact

Reproduction

Affected Products

Edimax RE11S

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating