CVE-2023-24122

Vulnerability

Jensen of Scandinavia Eagle 1200AC router firmware version V15.03.06.33_en contains a stack overflow vulnerability in the /goform/WifiBasicSet handler via the ssid_5g parameter. The vulnerability occurs when processing a specially crafted request to the web interface.

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP request to the router's web interface with an overly long ssid_5g parameter. No authentication is required as the WifiBasicSet endpoint is accessible without login. The attacker must be on the same network as the router.

Impact

Successful exploitation leads to a stack overflow, likely causing a denial of service (DoS) due to crash of the web server or the entire device. Arbitrary code execution is not explicitly stated in the description but stack overflows can potentially be leveraged for code execution depending on memory protections.

Mitigation

As of the publication date (2023-03-01), no patch or workaround has been publicly disclosed. The vendor (Jensen of Scandinavia) has not released a firmware update addressing this vulnerability. Users should consider isolating the router from untrusted networks or replacing it if security is critical.