CVE-2022-45714
Description
IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter in the formQOSRuleDel function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflow in IP-COM M50 router's formQOSRuleDel function via the indexSet parameter allows remote attackers to crash the device or potentially execute arbitrary code.
Vulnerability
The IP-COM M50 router running firmware version V15.11.0.33(10768) contains a buffer overflow vulnerability in the formQOSRuleDel function. The parameter indexSet is copied directly into a stack-based buffer using strcpy without bounds checking, allowing an attacker to overwrite the return address and adjacent memory [1].
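The unbounded-copy pattern described above, next to a bounds-checked version, as an added example that is not taken from the IP-COM firmware. The function names, the 64-byte buffer size and the comma-separated index format are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define INDEX_SET_MAX 64   /* assumed size; the real buffer size is not on the page */

/* Vulnerable pattern from the description: unbounded strcpy into a stack
 * buffer. Kept for contrast only and never called in this example. */
void qos_rule_del_unsafe(const char *index_set)
{
    char buf[INDEX_SET_MAX];
    strcpy(buf, index_set);              /* overruns buf once input reaches 64 bytes */
    printf("rules to delete: %s\n", buf);
}

/* Copy src into dst only if it fits with its terminator. Oversized input is
 * rejected, not truncated: a truncated list could name the wrong rule. */
int copy_bounded(char *dst, size_t dst_len, const char *src)
{
    if (dst == NULL || dst_len == 0 || src == NULL)
        return -1;
    /* memchr looks at no more than dst_len bytes, however long src is. */
    const char *nul = memchr(src, '\0', dst_len);
    if (nul == NULL)
        return -1;
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Hardened handler (hypothetical): returns 0 when the value is accepted,
 * -1 when the request should be rejected, for example with an HTTP 400. */
int qos_rule_del_safe(const char *index_set)
{
    char buf[INDEX_SET_MAX];
    if (copy_bounded(buf, sizeof buf, index_set) != 0)
        return -1;
    /* Assumed format: decimal rule indices separated by commas. */
    if (buf[0] == '\0' || strspn(buf, "0123456789,") != strlen(buf))
        return -1;
    printf("rules to delete: %s\n", buf);
    return 0;
}

int main(void)
{
    char long_value[512];                /* constructed oversized parameter */
    memset(long_value, 'a', sizeof long_value - 1);
    long_value[sizeof long_value - 1] = '\0';
    printf("short: %d, long: %d\n", qos_rule_del_safe("1,2,3"), qos_rule_del_safe(long_value));
}
```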
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP request to the router's web management interface with an overly long indexSet parameter. No authentication is required, as the vulnerable function is accessible without prior login. The PoC demonstrates setting indexSet to a long string of 'a' characters, which triggers the overflow [1].
Impact
Successful exploitation overwrites the return address on the stack, leading to a crash (denial of service) or potentially arbitrary code execution with the privileges of the web server process. The exact impact depends on the attacker's ability to control the overwritten data and bypass any memory protections [1].
Mitigation
As of the publication date (2022-12-23), no official patch or firmware update has been released by IP-COM to address this vulnerability. Users are advised to restrict access to the router's management interface to trusted networks and monitor for vendor updates. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- IP-COM/M50
Patches
No patches discovered yet.
References