Planet WGS-804HPT Stack Overflow Vulnerability in web_sys_infoContact_post Function

Vulnerability

A stack-based buffer overflow has been identified in the Planet WGS-804HPT Ethernet switch, version 1.305b241111. The issue is in the web_sys_infoContact_post function, where the 'contact' value is passed to strcpy without proper bounds handling, allowing a buffer overflow. The vulnerability can be exploited by creating a cookie with sufficient permissions to access the affected route and then sending a crafted POST request that includes an oversized 'contact' value.

Impact

Exploitation of this vulnerability leads to a stack overflow, allowing for control flow hijacking. The overflow can be extended further if desired.

Reproduction

The vulnerability can be reproduced by first creating a cookie with permissions to access the web_sys_infoContact_post function. This can be done by setting the cookie 'hid' to '0'. Once the cookie is set, a POST request can be sent to the dispatcher.cgi file, including an oversized 'contact' value. The stack overflow can be verified by checking the control flow, which will show that the overflow has been successfully exploited.
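
A hardened form of the copy described above, as an added example that is not the vendor's firmware code. The names copy_field and handle_contact_post and the 64-byte buffer size are assumptions, since the page gives neither the source nor the buffer size.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size of the handler's stack buffer; the advisory does not give it. */
#define CONTACT_BUF_SIZE 64

/* Pattern the advisory describes (comment only, not compiled):
 *     char buf[CONTACT_BUF_SIZE];
 *     strcpy(buf, contact);      // copies until NUL, ignores sizeof buf */

/* Copy a request field into a fixed buffer. Oversized or missing input is
 * rejected rather than truncated. Returns 0 on success, -1 on reject. */
int copy_field(char *dst, size_t dst_size, const char *src)
{
    const char *nul;
    size_t len;
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    /* Look for the terminator within the first dst_size bytes only. */
    nul = memchr(src, '\0', dst_size);
    if (nul == NULL)
        return -1;                 /* value plus terminator does not fit */
    len = (size_t)(nul - src);
    memcpy(dst, src, len + 1);     /* len + 1 <= dst_size */
    return 0;
}

/* Hypothetical handler shape: returns an HTTP-style status code. */
int handle_contact_post(const char *contact)
{
    char buf[CONTACT_BUF_SIZE];
    if (copy_field(buf, sizeof buf, contact) != 0)
        return 400;                /* reject before any further processing */
    /* ... store buf in the device configuration here ... */
    return 200;
}

int main(void)
{
    char big[4096];                /* constructed oversized input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("normal=%d oversized=%d\n", handle_contact_post("noc@example.test"), handle_contact_post(big));
    return 0;
}
```

Rejecting the request outright, rather than truncating, keeps a partially copied value from being stored in the configuration.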

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.