CVE-2022-45706

Vulnerability

A buffer overflow vulnerability exists in the formSetNetCheckTools function of IP-COM M50 routers running firmware version V15.11.0.33(10768). The hostname parameter is copied via strncpy into a stack-based local variable without proper bounds checking, allowing an attacker to overflow the buffer and overwrite the return address of the function [1].

Exploitation

An attacker with network access to the router's administrative interface can send a crafted HTTP request to the vulnerable endpoint. The hostname field is set to a long string of characters (such as a repeated 'a'), causing the buffer to overflow. No authentication is required if the interface is exposed; otherwise, valid admin credentials may be needed [1]. The overflow overwrites the return address on the stack, enabling control of the program flow.

Impact

Successful exploitation allows the attacker to cause a denial of service (router crash) or potentially achieve arbitrary code execution with the privileges of the router's firmware process. This could lead to a full compromise of the device, including unauthorized access to the network or persistent backdoor installation [1].

Mitigation

As of the publication date (2022-12-23), no official patch has been released by IP-COM. Users should restrict access to the management interface to trusted hosts and networks, and consider upgrading to a newer firmware version if one becomes available. The router is not known to be listed in CISA's Known Exploited Vulnerabilities catalog [1].