Primary

Context

Planet WGR-500 Stack-Based Buffer Overflow Vulnerability in formPingCmd Function

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Planet WGR-500 router, specifically in version 1.3411b190912. The issue arises within the formPingCmd functionality, where the absence of proper size checks on several request parameters allows for the crafting of HTTP requests that overflow the stack buffer. This vulnerability could potentially be exploited to execute arbitrary code.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, which can be used to execute arbitrary code.

Reproduction

The vulnerability can be reproduced by sending a series of HTTP requests that include the 'submit-url', 'ipaddr', and 'counts' parameters. The 'submit-url' parameter is used to overwrite a buffer without size validation, while the 'ipaddr' and 'counts' parameters can be manipulated to craft a ping command that exceeds the buffer's capacity, causing a stack overflow.

Added: Oct 7, 2025, 2:22 PM

Updated: Oct 7, 2025, 2:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.3

remediation

0.0

relevance

0.6

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.3

remediation

0.0

relevance

0.6

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Planet WGR-500 Stack-Based Buffer Overflow Vulnerability in formPingCmd Function

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating