Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-45721: ip-com-13 - HackMD

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the picName parameter in the formDelWewifiPic function.

CVE
#vulnerability#buffer_overflow#auth#wifi

# ip-com-13 vendor:IP-COM product:M50 version:V15.11.0.33(10768) type:Buffer Overflow author:Yifeng Li, Wolin Zhuang; ## Vulnerability description We found an buffer overflow vulnerability in IP-COM Technology IP-COM’s M50 routers with firmware which was released recently, allows control the “picName” to attack it. ## Buffer Overflow vulnerability In formDelWewifiPic function, the parameter “picName” is directly sprintf to a local variable placed on the stack, which overrides the return address of the function, causing buffer overflow. ![](https://i.imgur.com/tq71QYs.png) ## PoC ### Buffer Overflow We set the value of “picName” as aaaaaaaaaaaaaaaaaaaaaaaaa…… and the router will cause buffer overflow.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907