Belkin F9K1122 Stack-Based Buffer Overflow Vulnerability in Parameter Handler
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the Belkin F9K1122 router, specifically in version 1.00.33. The issue arises in the 'formCrossBandSwitch' function within the '/goform/formCrossBandSwitch' file, part of the Parameter Handler component. The vulnerability is triggered by manipulating the 'webpage' argument, which is not properly validated before being copied to a stack-based buffer. This flaw can be exploited remotely, potentially leading to unauthorized code execution or a denial-of-service condition.
Impact
Exploitation of this vulnerability allows for stack-based buffer overflow, which can be used to execute arbitrary code or cause a denial-of-service condition on the device.
Reproduction
The vulnerability can be reproduced by sending a POST request to '/goform/formCrossBandSwitch' with a 'webpage' parameter that contains a payload designed to overflow the stack-based buffer. This can be done using a tool like curl or Postman, or through a custom script that automates the process.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.