CVE-2022-45716
Description
IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter in the formIPMacBindDel function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow in IP-COM M50 firmware v15.11.0.33(10768) via the indexSet parameter in formIPMacBindDel leads to potential code execution.
Vulnerability
A buffer overflow vulnerability exists in IP-COM M50 routers running firmware version V15.11.0.33(10768). The flaw resides in the formIPMacBindDel function, where the user-controlled indexSet parameter is copied directly into a local stack buffer using strcpy without bounds checking [1]. This overflow can overwrite the return address and other stack data, leading to control flow hijacking.
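The unchecked-copy pattern described above, next to a bounded alternative, as an added illustration; this is not IP-COM firmware code. The buffer size, the function names and the status codes are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Assumed size: the advisory does not state how large the real buffer is. */
#define INDEX_SET_BUF 64

/* Flawed pattern from the advisory, kept as a comment so it is never compiled:
 *     char buf[INDEX_SET_BUF];
 *     strcpy(buf, index_set);      // copies until NUL, whatever the length
 */

/* Copy src into dst only if it fits together with its terminator.
 * Returns 0 on success, -1 on rejection (dst is left as an empty string). */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len = 0;

    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    /* Measure at most dst_size bytes so an oversized input is never walked. */
    while (len < dst_size && src[len] != '\0')
        len++;
    if (len == dst_size)
        return -1;                   /* too long: reject instead of truncating */
    memcpy(dst, src, len + 1);       /* len + 1 <= dst_size, NUL included */
    return 0;
}

/* Hypothetical stand-in for the request handler: oversized input is turned
 * into an error status before it can reach the stack buffer. */
int handle_index_set(const char *index_set)
{
    char buf[INDEX_SET_BUF];

    if (bounded_copy(buf, sizeof buf, index_set) != 0)
        return 400;                  /* missing or oversized parameter */
    /* buf now holds a terminated copy no longer than INDEX_SET_BUF - 1 */
    return 200;
}
```

Rejecting the request is preferred here over truncating with strncpy, which leaves the destination unterminated when the source fills it.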
Exploitation
An attacker must be able to send crafted HTTP requests to the router's management interface. The available reference [1] does not mention authentication as a requirement. By supplying an overly long string for the indexSet parameter, the attacker triggers the buffer overflow, overwriting the saved return address on the stack.
Impact
Successful exploitation allows an attacker to overwrite the return address of the formIPMacBindDel function, potentially achieving arbitrary code execution with the privileges of the web server process (likely root) [1]. This could result in a full compromise of the router device.
Mitigation
At the time of disclosure (December 2022), no official patch or fixed firmware version was announced by IP-COM [1]. Users should monitor the vendor's support channels for a security update. As a workaround, restrict access to the router's management interface to trusted networks only, or disable remote administration if possible.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- IP-COM/M50
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.