CVE-2022-45710
Description
IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IP-COM M50 router firmware V15.11.0.33 has buffer overflows via pEnable, pLevel, pModule in formSetDebugCfg, enabling possible RCE.
Vulnerability
IP-COM M50 router firmware version V15.11.0.33(10768) contains multiple buffer overflow vulnerabilities in the formSetDebugCfg function. The pEnable, pLevel, and pModule parameters are passed directly to a sprintf call that writes into a local stack variable without bounds checking, allowing an attacker to overwrite the return address. This was discovered in the firmware released recently [1].
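The following is an added example, not IP-COM firmware code and not code from the cited reference, contrasting the unbounded sprintf pattern described above with a bounded, fail-closed form. The buffer size, per-parameter limit, format string, sample values and the names build_debug_cfg and param_ok are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CMD_BUF_SIZE 128 /* assumed; the firmware's real buffer size is not on the page */
#define PARAM_MAX 16     /* assumed per-parameter length limit */

/* Pattern described above, for contrast only (never compiled or called):
 *     char cmd[CMD_BUF_SIZE];
 *     sprintf(cmd, "debug %s %s %s", pEnable, pLevel, pModule);
 * sprintf has no destination size, so request-controlled lengths decide
 * how far past cmd[] the write goes. */

/* Allow-list check: 1..PARAM_MAX characters, alphanumeric or '_'. */
static int param_ok(const char *p)
{
    size_t i;
    if (p == NULL || p[0] == '\0') return 0;
    for (i = 0; p[i] != '\0'; i++) {
        if (i >= PARAM_MAX) return 0;
        if (!isalnum((unsigned char)p[i]) && p[i] != '_') return 0;
    }
    return 1;
}

/* Hypothetical hardened builder: 0 on success, -1 on rejection or truncation. */
int build_debug_cfg(char *out, size_t out_len, const char *pEnable,
                    const char *pLevel, const char *pModule)
{
    int n;
    if (out == NULL || out_len == 0) return -1;
    out[0] = '\0';
    if (!param_ok(pEnable) || !param_ok(pLevel) || !param_ok(pModule)) return -1;
    n = snprintf(out, out_len, "debug %s %s %s", pEnable, pLevel, pModule);
    if (n < 0 || (size_t)n >= out_len) { /* would not fit: fail closed */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char cmd[CMD_BUF_SIZE], big[600];
    memset(big, 'a', sizeof big - 1); /* constructed over-long value */
    big[sizeof big - 1] = '\0';
    printf("%d\n", build_debug_cfg(cmd, sizeof cmd, "1", "3", "httpd"));
    printf("%d\n", build_debug_cfg(cmd, sizeof cmd, big, "3", "httpd"));
    return 0;
}
```

The over-long value is rejected by the length check before any formatting happens, and the snprintf return check covers the case where individually valid parameters still exceed the destination.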
Exploitation
An attacker can trigger the buffer overflow by sending crafted requests with overly long values for the pEnable, pLevel, or pModule parameters. The reference provides a proof-of-concept where setting these parameters to a string of many 'a' characters causes a buffer overflow, indicating that no authentication or special privileges are required if the vulnerable functionality is accessible over the network [1].
Impact
Successful exploitation can allow an attacker to overwrite the return address, leading to arbitrary code execution on the router. This could result in a full compromise of the device, including information disclosure, further network attacks, or denial of service [1].
Mitigation
As of the publication date, no fixed firmware version has been released by IP-COM. Users are advised to monitor vendor updates and restrict access to the device's management interface to trusted networks only. This vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities Catalog [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- IP-COM/M50
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.