CVE-2022-45718

Vulnerability

A buffer overflow vulnerability exists in the IP-COM M50 router running firmware version V15.11.0.33(10768). The flaw resides in the formIPMacBindAdd function, where the rules parameter obtained via webGetVar is passed to the ipMacBindListStore function. Inside that function, the value is copied into a stack-based buffer using strcpy without any length validation, leading to a buffer overflow [1].

Exploitation

An attacker with network access to the router's web management interface can exploit this vulnerability by sending a crafted HTTP request containing an overly long rules parameter. The provided proof-of-concept demonstrates that sending a long string of 'a' characters triggers the overflow, overwriting the return address on the stack [1]. No authentication is required if the web interface is exposed.

Impact

Successful exploitation can cause a denial of service due to a crash, or potentially allow arbitrary code execution with root privileges, as the router runs with elevated permissions. The overflow overwrites the return address, giving an attacker control over execution flow [1].

Mitigation

As of the publication date (2022-12-23), no official patch or firmware update has been released by IP-COM to address this vulnerability. Users are advised to restrict access to the router's web interface to trusted networks and monitor for vendor updates. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog at this time.