CVE-2023-24126

Vulnerability

The Jensen of Scandinavia Eagle 1200AC router running firmware version V15.03.06.33_en contains a stack-based buffer overflow vulnerability in the wepkey4_5g parameter handled by the /goform/WifiBasicSet form endpoint. The vulnerability is triggered when processing the WEP key configuration for the 5 GHz wireless interface, allowing an attacker to write beyond the bounds of a fixed-size stack buffer via a crafted HTTP request.

Exploitation

An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the router's web interface, specifically targeting the /goform/WifiBasicSet handler with an excessively long value in the wepkey4_5g parameter. The attack requires no authentication and can be performed remotely over the network if the router's management interface is exposed. The attacker sends a malicious payload that overflows the buffer, overwriting adjacent stack memory including the return address.

Impact

Successful exploitation can cause a denial of service due to memory corruption and router crash. In a worst-case scenario, the attacker may achieve arbitrary code execution with root privileges on the device, potentially allowing full compromise of the router and lateral movement within the network. The vulnerability affects the confidentiality, integrity, and availability of the device.

Mitigation

As of the publication date (2023-03-01), no official patch or fixed firmware version has been released by Jensen (VOXX International). Users should restrict remote access to the router's management interface, disable the web interface if not required, or replace the device if it reaches end-of-life. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the date. Monitor vendor advisories at [1] for updates.