CVE-2024-41285

Published: Aug 26, 2024Modified: Aug 27, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted file path.

Affected (1)

Products: Fastcom: Fw300r Firmware

Fastcom

1 product

Fw300r Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fastcom Fw300r Firmware	Version 1.3.13_build_141023_rel.61347n

Running on/with	Platform Versions
Fastcom Fw300r	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (3)

https://gist.github.com/Giles-one/834b2becd7abebc3cabea0484301d149

Source: cve@mitre.org

Third Party Advisory

https://github.com/Giles-one/FW300RouterCrack/

Source: cve@mitre.org

Exploit

https://www.fastcom.com.cn/product-8.html

Source: cve@mitre.org

Product

Timeline

No history available yet.