CVE-2023-24129

Vulnerability

A stack overflow vulnerability exists in the WifiBasicSet form handler of the Jensen of Scandinavia Eagle 1200AC router running firmware version V15.03.06.33_en. The flaw occurs in the wepkey4 parameter when processing form data via the /goform/WifiBasicSet endpoint [1]. An attacker can send an oversized string as the wepkey4 value, overflowing a fixed-size stack buffer.

Exploitation

No authentication is required to reach the vulnerable endpoint. An attacker on the same local network (or remotely if the admin interface is exposed to the WAN) can send a crafted HTTP POST request to /goform/WifiBasicSet with an overly long wepkey4 parameter. The overflow overwrites the return address and other stack data, allowing control of program execution [1].

Impact

Successful exploitation leads to arbitrary code execution with the privileges of the web server, typically root on embedded devices. The attacker gains full control of the router, enabling traffic interception, DNS hijacking, or use of the device in a botnet [1].

Mitigation

The vendor has not released a patched firmware version as of the publication date, and the device may be end-of-life or unsupported. Users should disable remote administration and restrict access to the admin interface from trusted networks only [1].