Wavlink WL-WN579X3-C Stack-Based Buffer Overflow Vulnerability in UPNP Handler
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Wavlink WL-WN579X3-C router, specifically in version 231124. The issue resides in the UPNP handler within the file /cgi-bin/firewall.cgi. The vulnerability is triggered by manipulating the UpnpEnabled argument, which leads to a buffer overflow on the stack. This flaw can be exploited remotely, causing a program crash and potentially allowing an attacker to execute arbitrary code, with the risk of full system compromise.
Impact
Exploitation of this vulnerability causes a program crash, creating a denial-of-service condition. However, with carefully crafted input, it could be possible to take control of the execution flow, execute arbitrary code, and potentially compromise the entire system.
Reproduction
The vulnerability can be reproduced by sending a POST request to the /cgi-bin/firewall.cgi endpoint with the firewall parameter set to UPNP. The UpnpEnabled parameter must be filled with an excessively long value, exceeding 8 bytes, which is the size of the stack buffer being targeted. This can be done using a web browser or a tool like curl or Postman.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.