This issue was discovered by Wenfeng Miao of Tencent. In addition to the stack overflow issue, this firmware also has multiple security issues, including remote code execution, information disclosure, and denial of service. End-users should upgrade to a fixed version immediately.
These security issues were discovered by security researchers and are provided for informational purposes. To prevent exposure to these issues, patch the device. Details on the vulnerability can be found below.
In addition to those security issues, a stack overflow vulnerability was discovered in this firmware. Attackers may exploit this vulnerability to cause a Denial of Service (DoS) via crafted overflow data. All users are advised to upgrade to a fixed version immediately.

Remote Code Execution (RCE)

This issue allows attackers to remotely execute arbitrary code with root privileges, which can cause a Denial of Service (DoS) via unspecified vectors.

Remote code execution vulnerability

A remote code execution vulnerability was discovered in the affected product. The vulnerability can be exploited by sending a crafted text message to the device. This may allow an attacker to execute arbitrary code on the device and cause Denial of Service (DoS).

Remote Code Execution

This firmware has a stack overflow vulnerability that may be exploited by attackers to cause remote code execution. In order to trigger the vulnerability, attackers need to send crafted data that triggers a stack overflow when parsed, which causes the system to crash.

Timeline

Published on: 11/15/2022 03:15:00 UTC
Last modified on: 11/18/2022 21:29:00 UTC
