CVE-2021-46901
Description
examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stack-based buffer overflow in the 6lbr webserver allows remote code execution via a crafted long URL over 6LoWPAN.
Vulnerability
A stack-based buffer overflow exists in the httpd.c file of the CETIC-6LBR (6lbr) project, version 1.5.0. The vulnerability is located in the examples/6lbr/apps/6lbr-webserver/httpd.c file at line 119, where the strcat function is used without bounds checking when constructing a response for a requested URL [1][2]. An attacker can send a specially crafted HTTP request with an excessively long URL over a 6LoWPAN network, causing the stack buffer to overflow.
Exploitation
An attacker must have network access to the affected device via a 6LoWPAN network. No authentication is required. The attacker sends an HTTP request with an overly long URL to the webserver. The server, when processing the URL, uses strcat to append data to a fixed-size stack buffer, leading to a stack-based buffer overflow [1][2].
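As an added illustration of the strcat pattern described above (constructed here, not code from 6lbr): the unbounded version appends whatever URL it is given to a fixed-size stack buffer, while the bounded version measures the remaining capacity first and rejects input that would not fit. The 64-byte buffer size and the "Requested: " prefix are assumptions for the demo.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the pattern the CVE describes (not 6lbr code):
 * a fixed-size stack buffer receives the requested URL through strcat. The
 * 64-byte size and the "Requested: " prefix are assumptions for the demo. */
#define RESP_BUF_SIZE 64

/* Vulnerable shape: strcat knows nothing about the size of buf, so a URL
 * longer than the remaining space runs past the end of the stack buffer.
 * Shown only for contrast; never pass untrusted input to it. */
void build_response_unbounded(char *buf, const char *url)
{
    strcpy(buf, "Requested: ");
    strcat(buf, url); /* no bounds check: the overflow happens here */
}

/* Hardened shape: measure before appending and refuse input that would not
 * fit, including the terminating NUL. Returns false when the URL is rejected. */
bool build_response_bounded(char *buf, size_t buf_size, const char *url)
{
    static const char prefix[] = "Requested: ";
    size_t used = sizeof(prefix) - 1;      /* prefix length without NUL */
    size_t url_len = strlen(url);

    if (buf_size <= used || url_len >= buf_size - used)
        return false;                      /* would overflow: reject */
    memcpy(buf, prefix, used);
    memcpy(buf + used, url, url_len + 1);  /* copies the NUL as well */
    return true;
}

int main(void)
{
    char buf[RESP_BUF_SIZE];
    char long_url[200];

    memset(long_url, 'A', sizeof(long_url) - 1);  /* constructed over-long URL */
    long_url[sizeof(long_url) - 1] = '\0';

    printf("short URL accepted: %d\n", build_response_bounded(buf, sizeof buf, "/index.html"));
    printf("long URL rejected:  %d\n", !build_response_bounded(buf, sizeof buf, long_url));
    return 0;
}
```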
Impact
Successful exploitation allows the attacker to overwrite the stack, potentially executing arbitrary code. This can lead to full compromise of the device, including disclosure of sensitive information, modification of data, or denial of service. The impact is high, as the webserver runs with the privileges of its hosting process, which may have significant system access.
Mitigation
As of the available references, no official patched version has been released. Users should consider disabling the webserver component if not required, or apply network-level filtering to restrict access to the 6LoWPAN network. The issue is tracked in the project's issue tracker [2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- CETIC/6lbr
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.