EFM ipTIME A8004T Buffer Overflow Vulnerability in WifiBasicSet Endpoint

A stack-based buffer overflow vulnerability has been identified in the EFM ipTIME A8004T router, specifically in the firmware version 14.18.2. The issue arises in the formWifiBasicSet function within the /goform/WifiBasicSet endpoint. The vulnerability allows for remote exploitation by manipulating the security_5g parameter, leading to potential application crashes, memory corruption, or arbitrary code execution.

Impact

Exploitation of this vulnerability can cause a denial-of-service condition by crashing the web server process, making the device's management interface inaccessible. Additionally, it allows for arbitrary code execution by overwriting the return address on the stack to redirect program execution to shellcode, potentially giving the attacker full control over the device. There is also a risk of information leakage, exposing sensitive data from the device's memory.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/WifiBasicSet endpoint with an oversized security_5g parameter. This can be done using a Python script that automates the process by sending the request with the malicious payload.

Remediation

To address this vulnerability, it is recommended to update the router's firmware to a version that patches the buffer overflow issue. Users should also consider applying general best practices for router security, such as changing default passwords and disabling remote management features.