CVE-2023-45463

Vulnerability

A buffer overflow vulnerability exists in the Netis N3Mv2 router firmware version V1.0.1.865. The flaw is located in the hostName parameter processed by the function FUN_0040dabc. The function uses apmib_get(0x158, local_2c) to retrieve the hostname and then passes it to RunSystemCmd("hostname %s &", local_2c) without proper bounds checking. This allows a crafted input to overflow the stack buffer local_2c (36 bytes), leading to a denial of service [1].

Exploitation

An attacker can exploit this vulnerability by sending a specially crafted input to the hostName parameter. The attacker does not require authentication, as the vulnerable function is reachable from the network interface. The crafted input must exceed the buffer size, causing a buffer overflow that corrupts the stack and crashes the router. No user interaction is needed beyond the attacker delivering the malicious payload [1].

Impact

Successful exploitation results in a denial of service (DoS), causing the router to become unresponsive. This disrupts network connectivity for all devices relying on the affected router, leading to extended network outages. The vulnerability does not allow code execution or privilege escalation based on the available information [1].

Mitigation

As of the publication date (2023-10-13), no patch or fixed version has been released by Netis. The affected firmware version V1.0.1.865 remains vulnerable. There is no known workaround. Users should monitor the vendor's website for future updates. The CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog at the time of writing [1].