Linksys E8450 HTTP POST Request portal.cgi set_device_language buffer overflow

A vulnerability, which was classified as critical, was found in Linksys E8450 up to 1.2.00.360516. This affects the function set_device_language of the file portal.cgi of the component HTTP POST Request Handler. The manipulation of the argument dut_language leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)

Linksys E8450 安全漏洞

Linksys E8450是美国Linksys公司的一款E系列的无线路由器。 Linksys E8450 1.2.00.360516及之前版本存在安全漏洞，该漏洞源于portal.cgi文件中set_device_language函数对dut_language参数操作不当，可能导致缓冲区溢出。

N/A

N/A