Planet WGR-500 Stack-Based Buffer Overflow Vulnerability in formPingCmd Function
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Planet WGR-500 router, specifically in version 1.3411b190912. This vulnerability arises within the formPingCmd functionality, where a lack of proper input validation allows for stack-based buffer overflows. An attacker can exploit this by sending specially crafted HTTP requests that manipulate the 'submit-url' and 'ipaddr' parameters, leading to potential arbitrary code execution.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can be leveraged for arbitrary code execution.
Reproduction
To reproduce this vulnerability, send an HTTP request to the WGR-500 router's formPingCmd function. Include the 'submit-url' and 'ipaddr' parameters in the request. The 'submit-url' parameter should be crafted to exceed 260 bytes, and the 'ipaddr' parameter should be manipulated to exceed 32 bytes. The absence of size checks before the 'sprintf' and 'strcat' operations in the formPingCmd function allows for the buffer overflow to occur.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.