A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The functions get_mac_from_ip and get_ip_from_mac use sscanf with overly permissive "%100s" format specifiers to parse entries from /proc/net/arp into fixed-size buffers (v6: 50 bytes, v7 sub-arrays: 50 bytes). This allows local attackers controlling the contents of /proc/net/arp to overflow stack buffers, leading to memory corruption, denial of service, or potential arbitrary code execution.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLinksys E1200
HWLinksys2Linksys E1200 Firmware
OSLinksys2.0.11.001
Related vulnerabilities
Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name.
A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E120...
A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 ...
A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2.0.11.0...
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmwa...