Primary

Context

RE11S Stack Overflow Vulnerability in PPPoE Setup Function

Vulnerability

A stack overflow vulnerability has been identified in RE11S version 1.11. The issue arises in the formPPPoESetup function, where the pppUserName parameter can be manipulated to cause a buffer overflow. This vulnerability was discovered during an internship at Qi An Xin Tiangong Lab, while analyzing the router's web interface.

Impact

Exploitation of this vulnerability leads to a stack overflow, allowing for potential arbitrary code execution or causing a denial-of-service condition by crashing the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/formPPPoESetup' endpoint with a crafted pppUserName parameter. The payload should be designed to exceed the buffer size, causing a stack overflow. This can be automated with a Python script that uses the requests library to send the malicious payload.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

RE11S Stack Overflow Vulnerability in PPPoE Setup Function

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating