Primary

Context

Linksys E1700 Stack-Based Buffer Overflow Vulnerability in WAN Configuration

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Linksys E1700 router running firmware version 1.0.0.4.003. The issue arises in the WAN configuration function, where the 'DeviceName' and 'lanIp' parameters are not properly validated. This lack of input sanitization allows remote attackers to manipulate these parameters, leading to a buffer overflow that can potentially be exploited to execute arbitrary code. The vulnerability causes the router to crash, disrupting its normal service operations.

Impact

Exploitation of this vulnerability leads to a crash of the router, causing a persistent disruption in its services.

Reproduction

To reproduce this vulnerability, send a POST request to the '/goform/setWan' endpoint. Include a 'DeviceName' parameter with a payload that exceeds the buffer limit, such as a long string of characters. The router will crash as a result of the stack overflow.

Added: Aug 27, 2025, 1:19 PM

Updated: Aug 27, 2025, 1:19 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.4

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.4

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linksys E1700 Stack-Based Buffer Overflow Vulnerability in WAN Configuration

Vulnerability

Impact

Reproduction

Affected Products

Linksys E1700

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating