KuWFi 4G LTE AC900 Stack-Based Buffer Overflow Vulnerability in GoAhead-Web HTTP Daemon
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the GoAhead-Web HTTP daemon running on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The issue arises in the '/goform/formMultiApnSetting' handler, where the user-supplied 'pincode' parameter is copied into a fixed 132-byte stack buffer using 'sprintf()' without proper bounds checking. This vulnerability allows attackers to overwrite adjacent stack memory, potentially leading to a crash of the web server and, under certain conditions, arbitrary code execution.
Impact
Exploitation of this vulnerability can cause a denial-of-service condition by crashing the web server. Additionally, it may allow for arbitrary code execution under specific circumstances.
Reproduction
To reproduce this vulnerability, send an HTTP POST request to the '/goform/formMultiApnSetting' endpoint with a 'pincode' value longer than 132 bytes. Because 'sprintf()' performs no bounds checking, the oversized value overflows the fixed buffer and overwrites adjacent stack memory.
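The unsafe copy described above, next to a bounded replacement, as an added example that is not the vendor's or GoAhead's code. The function names, the "pin=%s" format string, the 200/400 return codes and the 4 to 8 digit PIN rule are assumptions; only the 132-byte buffer and the use of 'sprintf()' come from the advisory.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CMD_BUF_SIZE 132 /* stack buffer size stated in the advisory */
#define PIN_MIN_LEN 4    /* assumption: field carries a 4-8 digit SIM PIN */
#define PIN_MAX_LEN 8

/* Unsafe pattern from the advisory, shown for contrast and never compiled:
 *     char buf[CMD_BUF_SIZE];
 *     sprintf(buf, "pin=%s", pincode);  // length of pincode is never checked
 */

/* Hypothetical helper: validates pincode, then formats it into out.
 * Returns 0 on success, -1 if the value is rejected or would not fit. */
int build_pin_setting(const char *pincode, char *out, size_t out_size)
{
    size_t len = 0;
    if (pincode == NULL || out == NULL || out_size == 0)
        return -1;
    /* Bounded scan: stop at the first non-digit or once the limit is passed. */
    while (pincode[len] != '\0') {
        if (len >= PIN_MAX_LEN || !isdigit((unsigned char)pincode[len]))
            return -1;
        len++;
    }
    if (len < PIN_MIN_LEN)
        return -1;
    /* snprintf never writes more than out_size bytes; a return value
     * >= out_size means the output was truncated, which is an error here. */
    int n = snprintf(out, out_size, "pin=%s", pincode);
    if (n < 0 || (size_t)n >= out_size) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Hypothetical handler: returns an HTTP-style status instead of crashing. */
int handle_form_multi_apn(const char *pincode)
{
    char buf[CMD_BUF_SIZE];
    return build_pin_setting(pincode, buf, sizeof buf) == 0 ? 200 : 400;
}

int main(void)
{
    printf("%d\n", handle_form_multi_apn("1234"));
    return 0;
}
```

The length and character checks reject bad input before any copy happens, and the 'snprintf()' return check keeps the copy bounded even if the validation rule is later relaxed.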
