CVE-2023-24117

Vulnerability

A stack overflow vulnerability exists in the Jensen of Scandinavia Eagle 1200AC router running firmware version V15.03.06.33_en. The flaw is triggered by sending a crafted request to the /goform/WifiBasicSet endpoint with an overly long wepauth_5g parameter. The affected version is the only one listed.

Exploitation

An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the router's web interface. No authentication is explicitly required, so an attacker with network access to the management interface can trigger the overflow by providing a long wepauth_5g value, which overflows a stack buffer.

Impact

Successful exploitation could cause a denial of service (device crash) or potentially allow arbitrary code execution, leading to full compromise of the router. The impact is significant due to the router's role in network infrastructure.

Mitigation

As of the publication date, no official patch or security update has been announced by the vendor. Users should monitor the vendor's website for firmware updates. Restrict access to the router's management interface and ensure it is not exposed to untrusted networks.