FAST FAC1200R Buffer Overflow Vulnerability in Password Parameter

A buffer overflow vulnerability has been identified in the FAST FAC1200R firmware version F400_FAC1200R_Q. The issue arises in the function sub_80435780, which improperly handles the 'fac_password' parameter string without adequate validation. This vulnerability can be exploited by sending a specially crafted HTTP request, leading to a buffer overflow that causes the device to crash, resulting in a denial-of-service condition.

Impact

Exploitation of this vulnerability causes the device to crash, leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to 'http://192.168.1.1/stok=U%2B%7D!TC%2BK6c)SHSupXt8E%5BcuX2k5*X2%5Dk/ds' with a JSON payload that includes the 'fac_password' parameter. The 'fac_password' value should be a string repeated to fill a buffer, approximately 8192 bytes in total. The request must include appropriate headers to mimic a standard browser request, such as 'User-Agent', 'Accept', 'Content-Type', and 'Referer'.