CVE-2023-24131

Vulnerability

A stack overflow vulnerability exists in the wepkey1_5g parameter of the /goform/WifiBasicSet form handler on the Jensen of Scandinavia Eagle 1200AC router running firmware version V15.03.06.33_en. The vulnerability is triggered when a specially crafted, overly long string is supplied to the wepkey1_5g parameter during a WEP key configuration request [1].

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP POST request to the /goform/WifiBasicSet endpoint without any prior authentication, as the form handler does not properly check user credentials. The attacker must have network access to the router's management interface, typically on the local network but potentially over the WAN if the interface is exposed. The attack requires no user interaction. By supplying an oversized wepkey1_5g value, the attacker overflows a stack buffer, overwriting the return address and gaining control of the program flow [1].

Impact

Successful exploitation allows an attacker to achieve remote code execution on the device. The attacker can execute arbitrary commands with root privileges, leading to full compromise of the router. This can result in information disclosure, network traffic interception, and use of the device as a pivot point for further attacks on the internal network [1].

Mitigation

As of publication, no official patch or firmware update has been released by Jensen of Scandinavia to address this vulnerability. The vendor has not acknowledged the issue or provided a fixed version. Users are advised to restrict access to the management interface by disabling remote administration, placing the device behind a firewall, and monitoring for any suspicious activity [1].