Planet FW-WGS-804HPT Stack Overflow Vulnerability in Web ACL Management Rules Edit Function
Vulnerability
A stack overflow vulnerability has been identified in the Planet FW-WGS-804HPT Ethernet switch, specifically in version 1.305b241111. The issue arises within the web_acl_mgmt_Rules_Edit_postcontains function, where the byruleEditName parameter is improperly handled, leading to a buffer overflow. This vulnerability can be exploited by creating a cookie that grants access to the vulnerable route and sending a crafted request that overflows the stack, potentially allowing for arbitrary code execution.
Impact
Exploitation of this vulnerability causes a stack overflow, which can be used to overwrite the return address and hijack the control flow of the application. This type of vulnerability is commonly exploited to execute arbitrary code with the privileges of the affected application.
Reproduction
The vulnerability can be reproduced by first creating a cookie that provides sufficient permissions to access the web_acl_mgmt_Rules_Edit_postcontains function. Once the cookie is set, a POST request can be sent to the dispatcher.cgi file, including the byruleEditName parameter filled with a payload that triggers the stack overflow. The overflow can be verified by checking if the control flow has been hijacked, which would indicate successful exploitation.
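A detection-side check for the request shape described above, written as an added example (not code from the advisory or from Planet): it flags POST requests to dispatcher.cgi whose byruleEditName value is oversized or carries non-printable bytes after URL decoding. The 64-byte threshold, the /cgi-bin/ path prefix and the sample requests are assumptions made for illustration; the page does not give the real buffer size or the full URL.

```python
from urllib.parse import parse_qsl, urlsplit

# Assumption: the page does not state the real limit for a rule name;
# 64 bytes is a placeholder threshold to tune against legitimate traffic.
MAX_RULE_NAME_BYTES = 64
TARGET_SCRIPT = "dispatcher.cgi"     # named on the page
TARGET_PARAM = "byruleEditName"      # named on the page


def inspect_request(method, url, body, max_len=MAX_RULE_NAME_BYTES):
    """Return a list of findings for one HTTP request (empty list = clean)."""
    if method.upper() != "POST":
        return []
    if urlsplit(url).path.rsplit("/", 1)[-1] != TARGET_SCRIPT:
        return []
    findings = []
    # latin-1 maps each percent-decoded byte to exactly one character, so
    # len() is the byte count the CGI handler sees after URL decoding.
    fields = parse_qsl(body.decode("latin-1"), keep_blank_values=True,
                       encoding="latin-1")
    for name, value in fields:
        if name != TARGET_PARAM:
            continue
        if len(value) > max_len:
            findings.append(f"{TARGET_PARAM} is {len(value)} bytes (limit {max_len})")
        if any(ord(c) < 0x20 or ord(c) > 0x7E for c in value):
            findings.append(f"{TARGET_PARAM} contains non-printable bytes")
    return findings


# Constructed sample requests (not captured from a real device);
# the /cgi-bin/ prefix is an assumption.
SAMPLES = [
    ("POST", "/cgi-bin/dispatcher.cgi", b"byruleEditName=office-lan"),
    ("POST", "/cgi-bin/dispatcher.cgi", b"byruleEditName=" + b"A" * 300),
    ("POST", "/cgi-bin/dispatcher.cgi", b"byruleEditName=" + b"%41" * 100),
    ("POST", "/cgi-bin/dispatcher.cgi", b"byruleEditName=lan%00%ff"),
    ("GET", "/cgi-bin/dispatcher.cgi", b""),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(method, url, len(body), inspect_request(method, url, body))
```

Measuring the decoded length matters because a percent-encoded value is three times longer on the wire than the bytes that reach the handler, so a raw body-size threshold alone would misjudge it.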
