Primary

Context

Planet WGS-804HPT Stack Overflow Vulnerability in web_radiusSrv_post Function

Vulnerability

A stack overflow vulnerability has been identified in the Planet WGS-804HPT switch, specifically in version 1.305b241111. The issue arises in the web_radiusSrv_post function, where the radIpkey parameter can be manipulated to cause a buffer overflow. This vulnerability allows for control flow hijacking by overflowing the stack and overwriting return addresses.

Impact

Exploitation of this vulnerability leads to a stack overflow, allowing for control flow hijacking. This could potentially be used to execute arbitrary code or cause a denial-of-service condition by crashing the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to the dispatcher.cgi endpoint with a crafted radIpkey parameter. The parameter should be filled with a payload that exceeds the buffer size, causing a stack overflow. This can be automated with a Python script that writes the payload to a file, which is then sent as part of the request.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Planet WGS-804HPT Stack Overflow Vulnerability in web_radiusSrv_post Function

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating