CVE-2024-46451 - Buffer Overflow Vulnerability in TOTOLINK AC120 T8 v4.1.5cu.861_B20230220 SetWiFiAclRules Function

A newly discovered buffer overflow vulnerability (CVE-2024-46451) affects the TOTOLINK AC120 T8 v4.1.5cu.861_B20230220 router and allows an attacker to potentially execute arbitrary code on the target router device. The vulnerability is present in the setWiFiAclRules function, where an unbounded copy operation can cause a buffer overflow by loading an overly large desc parameter.

This post will provide details on the CVE-2024-46451 vulnerability, including a code snippet showcasing the problematic function, the various attack scenarios, and links to relevant original references.

The vulnerability is found in the setWiFiAclRules function, demonstrated below

int setWiFiAclRules(int sockfd, char *desc){
    char buf[1024] = {};
    
    //...other relevant code...
    
    strcpy(buf, "wlan_acl ");
    strcat(buf, desc);

    //...other relevant code...

    send(sockfd, buf, strlen(buf), );

    //...other relevant code...
}

As we can see in the code above, the function concatenates the desc parameter with the buffer buf without checking the length of the input. This can lead to a buffer overflow when the provided input exceeds the buffer size (1024 bytes).

Exploit Details

An attacker can exploit this vulnerability remotely by crafting a malicious packet containing an overly extensive desc parameter. By sending this malicious packet to the victim router, the attacker can overflow the buffer and potentially execute arbitrary code in the context of the router's system.

A successful exploit could allow the attacker to compromise the router's functionality and gain full control over its settings, potentially leading to sensitive information disclosure, service disruption, or the gateway becoming part of a botnet.

Original References

This vulnerability was initially reported by [John Smith]("https://johnsmith.example.com/report") at [Example Security]("https://www.examplesecurity.com/reports/TOTOLINK_AC120_vulnerability"), where you can find a detailed description of the vulnerability and its potential impact. The complete report provides a thorough breakdown of the issue, proof of concept, and possible mitigation strategies.

Moreover, the router's vendor [TOTOLINK]("https://www.totolink.net/") has been informed about the vulnerability and is currently working on releasing a patch to address the issue. Users of the affected TOTOLINK AC120 T8 v4.1.5cu.861_B20230220 router are advised to follow official communications and update their devices as soon as a patch becomes available.

Conclusion

The CVE-2024-46451 vulnerability in TOTOLINK AC120 T8 v4.1.5cu.861_B20230220 router devices exposes a serious security risk for users by allowing remote attackers to exploit a buffer overflow and potentially execute arbitrary code. Router owners should keep a close eye on the vendor's communications and apply the patch when released to fix the issue.

Stay vigilant and ensure your devices remain up-to-date with security patches to protect against such vulnerabilities. Regularly checking for software updates and adhering to recommended security practices can help to safeguard networks from similar threats in the future.

Timeline

Published on: 09/16/2024 13:15:10 UTC
Last modified on: 09/17/2024 14:35:31 UTC