Stack-based Buffer Overflow Vulnerability in Linksys WRT120N Wireless Router
CVE-2014-125122
Key Information:
Badges
What is CVE-2014-125122?
The Linksys WRT120N wireless router is vulnerable to a stack-based buffer overflow through its tmUnblock.cgi endpoint. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request with an excessively long TM_Block_URL parameter. This allows the attacker to overwrite memory, which could lead to unauthorized access by resetting the administrator password to a blank value, thus bypassing authentication on the router's management interface.
Affected Version(s)
WRT120N 1.0.07
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved