PT-2019-8623 · Securifi · Securifi Almond+3

Mandar Satam · Published 2019-06-18 · Updated 2019-06-21 · CVE-2017-8336

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096

Description

An issue was discovered that allows an attacker to overflow the stack and control the $ra register stored on the stack by manipulating the POST parameters when setting up routes on the device. The binary "goahead" contains the vulnerable function that receives the values sent by the POST request. The function sub_00420F38 is identified as receiving these values. The POST parameter gateway allows for stack overflow and control of the $ra register after 1546 characters. This enables an attacker to provide a payload of their choice and take control of the device.

Recommendations

For Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096, consider disabling the goahead binary or restricting access to the route setup feature until a patch is available. As a temporary workaround, avoid using the gateway parameter in the POST request to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
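
A stack overflow of the kind described above comes from copying a request value into a fixed-size stack buffer without a length check. The following C code is an added example, not Securifi or GoAhead code and not part of the advisory: it bounds and validates a gateway form value before any copy. The names copy_gateway, check_filler and route_gw and the 16-byte destination are assumptions.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed-size destination for the route's gateway field. */
#define GATEWAY_BUF_LEN INET_ADDRSTRLEN /* 16: "255.255.255.255" plus NUL */
static char route_gw[GATEWAY_BUF_LEN];

enum gw_status { GW_OK = 0, GW_MISSING = -1, GW_TOO_LONG = -2, GW_NOT_IPV4 = -3 };

/* Validate a "gateway" form value; out is written only if every check passes. */
enum gw_status copy_gateway(const char *value, char *out, size_t out_len)
{
    struct in_addr addr;
    const char *nul;
    if (value == NULL || out == NULL || out_len == 0 || value[0] == '\0')
        return GW_MISSING;
    /* Bounded scan: the terminator must appear within out_len bytes. */
    nul = memchr(value, '\0', out_len);
    if (nul == NULL)
        return GW_TOO_LONG;
    /* Only a dotted-quad IPv4 address is a valid gateway here. */
    if (inet_pton(AF_INET, value, &addr) != 1)
        return GW_NOT_IPV4;
    memcpy(out, value, (size_t)(nul - value) + 1);
    return GW_OK;
}

/* Constructed input: n filler bytes standing in for an oversized parameter. */
enum gw_status check_filler(size_t n)
{
    char *value = malloc(n + 1);
    enum gw_status st;
    if (value == NULL) return GW_MISSING;
    memset(value, 'A', n);
    value[n] = '\0';
    route_gw[0] = '\0';
    st = copy_gateway(value, route_gw, sizeof route_gw);
    free(value);
    /* GW_OK from this helper would mean the destination was written. */
    return route_gw[0] == '\0' ? st : GW_OK;
}

int main(void)
{
    printf("valid=%d ", copy_gateway("192.168.1.1", route_gw, sizeof route_gw));
    printf("oversized=%d\n", check_filler(1546));
    return 0;
}
```

The length test runs before the format test, so a value of the size quoted in the description is rejected after inspecting at most 16 bytes and the destination buffer is never touched.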

Exploit

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2017-8336

Affected Products

Almond 2015
Almond+
Securifi Almond
Goahead