SB2023101127 - Multiple vulnerabilities in Micro Research MR-GM series

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Stack-based buffer overflow (CVE-ID: CVE-2021-35392)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to unsafe crafting of SSDP NOTIFY messages from received M-SEARCH messages ST header. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Heap-based buffer overflow (CVE-ID: CVE-2021-35393)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

3) Incorrect default permissions (CVE-ID: CVE-2023-45194)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to use of default credentials. A remote attacker on the local network can intercept the communication when the affected product performs the communication without changing the pre-shared key from the factory-default configuration.

Remediation

Install update from vendor's website.

References

• https://jvn.jp/en/vu/JVNVU99039725/index.html"
• https://jvn.jp/en/vu/JVNVU99039725/index.html</a></p><p>
• https://www.mrl.co.jp/20231005_security/</p><p><br></p>