CVE-2023-24130

Vulnerability

A stack overflow vulnerability exists in the Jensen of Scandinavia Eagle 1200AC router running firmware version V15.03.06.33_en. The flaw is triggered through the wepkey parameter within the /goform/WifiBasicSet endpoint, allowing an attacker to cause a stack overflow by supplying an overly long value [1].

Exploitation

An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable endpoint /goform/WifiBasicSet with an excessively long wepkey parameter. The attacker may need network access to the device's web interface and knowledge of the target's IP address. No authentication is mentioned as required, making the attack vector potentially accessible to unauthenticated attackers on the same network.

Impact

Successful exploitation results in a stack overflow, which can lead to a denial of service (DoS) by crashing the device. In some cases, it may allow arbitrary code execution, granting the attacker full control over the affected device. Depending on the exploitation, this could lead to unauthorized access to network traffic or further compromise of connected systems [1].

Mitigation

The fixed version is not explicitly stated in the available references. Users should monitor the vendor's support page for firmware updates. If no patch is available, consider replacing the device with a supported model or restricting network access to the management interface [1].