VYPR
Unrated severity · NVD Advisory · Published Dec 23, 2022 · Updated Apr 15, 2025

CVE-2022-45708

Description

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the sPortMapIndex parameter in the formDelPortMapping function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer overflow in IP-COM M50 router firmware allows remote attackers to crash the device by sending a crafted sPortMapIndex parameter, leading to denial of service.

Vulnerability

The IP-COM M50 router, firmware version V15.11.0.33(10768), contains a buffer overflow vulnerability in the formDelPortMapping function. The parameter sPortMapIndex is copied directly into a stack-based local variable using strcpy, without proper bounds checking, allowing an attacker to overwrite the return address and other stack data. This vulnerability affects only the specified firmware version and requires the attacker to be able to send requests to the affected function.
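
The unchecked copy described above, next to a bounded form that rejects oversized input. This is an added example, not IP-COM firmware code and not part of the advisory; the function names, the 32-byte buffer size and the sample values are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size: the advisory does not state the real buffer length. */
#define INDEX_BUF_LEN 32

/* Hypothetical model of the flawed pattern: the request value is copied
 * into a fixed stack buffer with no length check. */
int del_port_mapping_unsafe(const char *sPortMapIndex)
{
    char index[INDEX_BUF_LEN];
    strcpy(index, sPortMapIndex);  /* writes past index[] at 32+ bytes */
    return (int)strlen(index);
}

/* Hardened form: find the terminator within the buffer size first and
 * reject anything that does not fit. Rejecting, rather than truncating,
 * avoids acting on a value the client never sent. */
int del_port_mapping_safe(const char *sPortMapIndex)
{
    char index[INDEX_BUF_LEN];
    const char *end;
    size_t n;

    if (sPortMapIndex == NULL)
        return -1;
    end = memchr(sPortMapIndex, '\0', INDEX_BUF_LEN);
    if (end == NULL || end == sPortMapIndex)
        return -1;                 /* too long for index[], or empty */
    n = (size_t)(end - sPortMapIndex);
    memcpy(index, sPortMapIndex, n + 1);  /* n + 1 includes the NUL */
    return (int)strlen(index);
}

int main(void)
{
    char long_value[256];          /* constructed oversized input */
    memset(long_value, 'a', sizeof long_value - 1);
    long_value[sizeof long_value - 1] = '\0';

    printf("short value: %d\n", del_port_mapping_safe("2"));
    printf("long value:  %d\n", del_port_mapping_safe(long_value));
    return 0;
}
```

The hardened handler returns -1 for the oversized value before any copy takes place, so the request can be answered with an error instead of corrupting the stack.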

Exploitation

To exploit this vulnerability, an attacker must be on the same network as the router (or have remote access if the management interface is exposed) and send a specially crafted HTTP request to the formDelPortMapping endpoint with an excessively long sPortMapIndex parameter. The provided proof-of-concept uses a long string of 'a' characters, which causes the buffer overflow. No authentication is required if the vulnerable endpoint is accessible.

Impact

Successful exploitation causes a buffer overflow that crashes the router, leading to a denial of service (DoS). The device becomes unresponsive until it is manually rebooted. There is no indication that this leads to remote code execution or data exfiltration based on the available information [1].

Mitigation

As of the publication date (2022-12-23), no firmware update or patch has been released by IP-COM to address this vulnerability. Users should monitor the vendor's support page for updates. Until a fix is available, restricting access to the router's management interface to trusted networks only can reduce the attack surface. This CVE is not listed on the CISA KEV.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • IP-COM/M50 [description]
  • IP-COM/M50 [llm-fuzzy]
    Range: = V15.11.0.33(10768)

Patches

0

No patches discovered yet.

References

1
