Stack-Based Buffer Overflow in Edimax BR6478AC V2 Firmware
CVE-2023-49351

9.8CRITICAL

Key Information:

Vendor: Edimax
Status: Br-6478ac Firmware
Vendor: CVE Published:; 16 January 2024

What is CVE-2023-49351?

A stack-based buffer overflow vulnerability exists in the /bin/webs binary within the Edimax BR6478AC V2 firmware version v1.23. This issue arises from the improper use of the strcpy() function, which can allow an attacker to overwrite critical values located on the stack. Successful exploitation of this vulnerability could lead to significant impacts, including potential manipulation of the device's behavior and unauthorized access to sensitive information.

References

https://github.com/countfatcode/temp/blob/main/formUSBAcc...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2024
Vulnerability Reserved
Nov 27, 2023