Out-of-bounds write in AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Router

#VU88555 Out-of-bounds write in AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Router

Published: 2024-04-16

Vulnerability identifier: #VU88555

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-41560

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Router
Hardware solutions / Routers for home users

Vendor: Shenzhen Tenda Technology Co.,Ltd.

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to stack overflow via parameter firewallEn at url /goform/SetFirewallCfg.. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Router: 15.03.06.42

External links
http://github.com/peris-navince/founded-0-days/blob/main/formSetFirewallCfg/1.md

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Sterling Order Management