CVE-2022-45712
Description
IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formAddDnsForward function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow vulnerability in IP-COM M50 router firmware V15.11.0.33(10768) allows remote attackers to cause denial of service or possibly execute arbitrary code via the 'rules' parameter.
Vulnerability
A stack-based buffer overflow vulnerability exists in the formAddDnsForward function of IP-COM M50 routers running firmware version V15.11.0.33(10768). The function uses strcpy to copy the user-supplied rules parameter directly into a local stack buffer without proper bounds checking, leading to overflow of the return address [1].
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP request to the router's web interface with an excessively long rules parameter. This overflow overwrites the return address on the stack, enabling the attacker to hijack control flow. No authentication is required if the vulnerable endpoint is exposed [1].
Impact
Successful exploitation can result in denial of service due to memory corruption or, potentially, remote code execution with elevated privileges, giving the attacker full control over the affected router [1].
Mitigation
As of the publication date (2022-12-23), no official fix has been released. Users should restrict network access to the router's management interface and monitor for firmware updates from IP-COM. If no update is provided, consider isolating the device or replacing it [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- IP-COM/M50description
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.