CVE-2023-24134

Vulnerability

The Jensen of Scandinavia Eagle 1200AC router, firmware version V15.03.06.33_en, contains a stack overflow vulnerability in the wepkey3 parameter handled by the /goform/WifiBasicSet form handler [1]. This parameter is part of the wireless basic settings configuration page. The vulnerability is reachable through the router's web interface without any prior authentication, as the form handler does not validate the length of the input before copying it into a stack buffer.

Exploitation

An attacker with network access to the router's management interface (typically on TCP port 80 or 443) can send a crafted HTTP POST request to /goform/WifiBasicSet with an overly long value for the wepkey3 parameter [1]. No authentication is required because the vulnerable form handler is accessible before login. The attacker does not need any user interaction or special privileges. The overflow occurs when the supplied string is copied into a fixed-size stack buffer, overwriting the saved return address and other stack data.

Impact

Successful exploitation results in arbitrary code execution on the router with the privileges of the web server process, which runs as root [1]. This gives the attacker complete control over the device, allowing them to modify network traffic, exfiltrate data, install persistent malware, or use the router as a pivot point for further attacks on the local network.

Mitigation

As of the publication date (2023-03-01), no patched firmware version has been released by Jensen of Scandinavia [1]. The device is likely end-of-life. Users are advised to isolate the router from untrusted networks, disable remote management if not required, and consider replacing the device with a supported model. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of this writing.