Planet WGR-500 Stack-Based Buffer Overflow Vulnerability in formPingCmd Function
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Planet WGR-500 router, version 1.3411b190912. It lies in the formPingCmd functionality, which uses the 'counts' request parameter to compose a ping command without proper input validation. An attacker can exploit the vulnerability by sending a series of specially crafted HTTP requests.
Impact
Exploitation of this vulnerability leads to a stack-based buffer overflow, which can be leveraged for arbitrary code execution.
Reproduction
The vulnerability can be reproduced by sending HTTP requests to the Planet WGR-500 router's formPingCmd function. The 'counts' request parameter is used to compose the command in the 'ping_command' buffer, which is 100 bytes, and no size check is in place. A 'counts' value crafted to exceed that size causes a stack-based buffer overflow in 'ping_command', potentially allowing arbitrary code execution.
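An added example, not code from the Planet firmware or from this advisory: one way to compose a ping command into a 100-byte buffer so that the 'counts' value cannot overflow it, by parsing it as a bounded integer and checking the snprintf result. The function names, the 'host' argument, the command format and the MAX_COUNT limit are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PING_CMD_LEN 100 /* buffer size stated on this page */
#define MAX_COUNT 10     /* assumed policy limit, not from the firmware */

/* Parse untrusted 'counts' as an integer in 1..MAX_COUNT; -1 if invalid. */
long parse_count(const char *counts)
{
    char *end;
    if (counts == NULL)
        return -1;
    errno = 0;
    long v = strtol(counts, &end, 10);
    if (errno != 0 || end == counts || *end != '\0' || v < 1 || v > MAX_COUNT)
        return -1;
    return v;
}

/* Compose into dst; the format and 'host' are assumptions. 0 on success. */
int build_ping_command(char *dst, size_t dst_len,
                       const char *counts, const char *host)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-";
    if (dst == NULL || dst_len == 0)
        return -1;
    dst[0] = '\0';
    long count = parse_count(counts);
    /* Hostname/IPv4 characters only, and no leading '-'. */
    if (count < 0 || host == NULL || *host == '\0' || *host == '-' ||
        host[strspn(host, ok)] != '\0')
        return -1;
    /* snprintf never writes past dst_len; n >= dst_len means truncation. */
    int n = snprintf(dst, dst_len, "ping -c %ld %s", count, host);
    if (n >= 0 && (size_t)n < dst_len)
        return 0;
    dst[0] = '\0'; /* discard the truncated command */
    return -1;
}

int main(void)
{
    char ping_command[PING_CMD_LEN];
    if (build_ping_command(ping_command, sizeof ping_command, "4", "192.0.2.1") == 0)
        puts(ping_command);
    return 0;
}
```

Because the count is re-emitted from the parsed integer rather than from the request string, the length of 'counts' never reaches the buffer, and any other oversized argument is rejected instead of truncated.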
