Planet WGR-500 Stack-Based Buffer Overflow Vulnerability in formPingCmd Function
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Planet WGR-500 router, specifically in version 1.3411b190912. This vulnerability arises within the formPingCmd functionality, where the absence of proper input validation allows for stack-based buffer overflows. An attacker can exploit this vulnerability by sending a series of crafted HTTP requests that manipulate the 'ipaddr' or 'counts' parameters, leading to potential arbitrary code execution.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can be leveraged for arbitrary code execution on the affected device.
Reproduction
To reproduce this vulnerability, send HTTP requests to the Planet WGR-500 router's formPingCmd function. Include the 'ipaddr' or 'counts' parameters with values that exceed the buffer size limitations. The crafted input will trigger the buffer overflow by overwriting the stack memory, potentially leading to arbitrary code execution.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.