CVE-2017-9026

Name of the Vulnerable Software and Affected Versions HooToo Trip Mate 6 (TM6) firmware versions 2.000.030 and earlier

Description The issue is a stack buffer overflow in the vshttpd (also known as ioos) component. This allows remote unauthenticated attackers to control the program counter by sending a specially crafted fname parameter in a GET request.

Recommendations For HooToo Trip Mate 6 (TM6) firmware versions 2.000.030 and earlier, avoid using the fname parameter in GET requests until a fix is available. As a temporary workaround, consider restricting access to the vshttpd component to minimize the risk of exploitation.