H3C Magic B1 Buffer Overflow Vulnerability in SetMobileAPInfoById Function

A buffer overflow vulnerability has been identified in the H3C Magic B1 router, specifically in firmware versions through 100R004. The issue arises in the SetMobileAPInfoById function within the /goform/aspForm file. This vulnerability can be exploited remotely by manipulating the 'param' argument, leading to potential denial-of-service conditions or even remote code execution.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to memory corruption. This type of vulnerability is commonly associated with allowing arbitrary code execution or causing a denial-of-service condition by crashing the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/aspForm endpoint. The request must include a 'CMD' parameter set to 'SetMobileAPInfoById' and a 'param' field containing a crafted payload that exceeds the buffer length, effectively causing the overflow.