Planet WGS-804HPT Stack Overflow Vulnerability in Web STP Global Setting Post Function
Vulnerability
A stack overflow vulnerability has been identified in the Planet WGS-804HPT Ethernet switch, specifically in version 1.305b241111. The issue arises in the web_stp_globalSetting_post function, where the stp_conf_name parameter can be manipulated to cause a stack-based buffer overflow. This vulnerability allows for control flow hijacking by overflowing the stack space and overwriting return addresses.
Impact
Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for control flow hijacking.
Reproduction
To reproduce this vulnerability, authenticate to the device and obtain a cookie with permissions to access the web_stp_globalSetting_post function. Then send a POST request to the dispatcher.cgi endpoint with the stp_conf_name parameter set to a value longer than the buffer, such as one of 512 bytes. This triggers the stack overflow, overwriting the return address and hijacking the control flow.
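The missing control in this bug class is a length check on the decoded stp_conf_name value before it is copied into a fixed-size stack buffer. The following is an added example, not code from the Planet firmware or from the original advisory: the function names, the 32-byte limit and the sample request bodies are assumptions made for illustration.

```c
#include <ctype.h>
#include <string.h>

/* Assumed limit: the advisory does not state the firmware's buffer size. */
#define STP_CONF_NAME_MAX 32

/* Value of one hex digit; the caller has already checked isxdigit(). */
static int hexval(int c) { return isdigit(c) ? c - '0' : tolower(c) - 'a' + 10; }

/* Copy the URL-decoded value of `name` from a form-encoded body into `out`.
 * Returns the decoded length, -1 if the parameter is absent, or -2 if the
 * value is malformed or would not fit in out_sz bytes including the NUL. */
int form_param_copy(const char *body, const char *name, char *out, size_t out_sz)
{
    size_t nlen = strlen(name), n = 0;
    const char *p = body, *v = NULL;

    if (out_sz == 0) return -2;
    out[0] = '\0';
    while (p) {                          /* match only at a parameter start */
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') { v = p + nlen + 1; break; }
        p = strchr(p, '&');
        if (p) p++;
    }
    if (!v) return -1;
    for (; *v && *v != '&'; v++) {
        int c = (unsigned char)*v;
        if (c == '+') {
            c = ' ';
        } else if (c == '%') {           /* decode before counting bytes */
            if (!isxdigit((unsigned char)v[1]) || !isxdigit((unsigned char)v[2])) goto reject;
            c = hexval((unsigned char)v[1]) * 16 + hexval((unsigned char)v[2]);
            v += 2;
        }
        if (c == 0 || n + 1 >= out_sz) goto reject;   /* embedded NUL or too long */
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return (int)n;
reject:
    out[0] = '\0';
    return -2;
}

/* Hypothetical handler-side wrapper for the parameter named in the advisory. */
int stp_conf_name_from_post(const char *body, char out[STP_CONF_NAME_MAX + 1])
{
    return form_param_copy(body, "stp_conf_name", out, STP_CONF_NAME_MAX + 1);
}
```

A handler built this way rejects the request on any negative return instead of truncating, so an oversized value never reaches the stack buffer.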
