CVE-2022-45715
Description
IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the pLanPortRange and pWanPortRange parameters in the formSetPortMapping function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflow in IP-COM M50 router's formSetPortMapping function allows remote attacker to cause denial of service or potentially execute arbitrary code.
Vulnerability
IP-COM M50 firmware V15.11.0.33(10768) contains multiple buffer overflow vulnerabilities in the formSetPortMapping function. The parameters pLanPortRange and pWanPortRange are copied via strncpy into a local stack buffer without proper bounds checking, leading to a stack-based buffer overflow [1].
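The copy pattern described above, beside a bounded alternative, as an added example that is not IP-COM firmware code. The buffer size, the function names, the "start-end" port-range format and the exact form of the unsafe call are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define PORT_RANGE_MAX 12  /* "65535-65535" + NUL; assumed size, not from the firmware */

/* Unsafe pattern (assumed illustration): the count is taken from the source,
 * so strncpy gives no protection once src is longer than dst.
 *     char dst[PORT_RANGE_MAX];
 *     strncpy(dst, src, strlen(src));
 */

/* Parse one port in 1..65535; *end receives the first unparsed character. */
static int parse_port(const char *s, const char **end, unsigned *port)
{
    char *stop;
    unsigned long v;

    if (*s < '0' || *s > '9') return -1;      /* reject sign, space, empty */
    errno = 0;
    v = strtoul(s, &stop, 10);
    if (errno != 0 || v < 1 || v > 65535) return -1;
    *port = (unsigned)v;
    *end = stop;
    return 0;
}

/* Hardened copy (hypothetical helper): bound by the destination size,
 * validate the format, then copy. Returns 0 on success, -1 on rejection;
 * dst is left untouched when the input is rejected. */
int copy_port_range(char *dst, size_t dst_size, const char *src)
{
    const char *p, *nul;
    unsigned lo, hi;

    if (dst == NULL || src == NULL || dst_size == 0) return -1;
    nul = memchr(src, '\0', dst_size);        /* scan at most dst_size bytes */
    if (nul == NULL) return -1;               /* would not fit with its NUL */
    if (parse_port(src, &p, &lo) != 0) return -1;
    hi = lo;
    if (*p == '-' && parse_port(p + 1, &p, &hi) != 0) return -1;
    if (*p != '\0' || lo > hi) return -1;     /* trailing data or reversed range */
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}
```

Rejecting overlength input outright, rather than truncating it, also avoids silently accepting a port range the user did not send.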
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP request to the router's management interface with an overly long string (e.g., a sequence of 'a' characters) in either the pLanPortRange or pWanPortRange parameter. No authentication is required if the management interface is exposed; otherwise, administrative access may be needed [1].
Impact
Successful exploitation overwrites the return address on the stack, allowing the attacker to control program flow. This can result in denial of service (router crash) or arbitrary code execution with root privileges, depending on the payload [1].
Mitigation
No official patch or advisory from IP-COM has been published as of December 2022. Users should restrict access to the router's management interface to trusted networks and consider disabling remote management. If a fix becomes available, it should be applied immediately [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
IP-COM/M50
Patches
No patches discovered yet.