TID-327: Out of Bounds Memory Access
Threat Description
If an application does not properly restrict data writes to allocated memory locations, a threat actor could send an input or message that writes data outside of intended or allowed memory locations. By overwriting memory locations, an attacker may be able to hijack the control flow of the program to remotely execute their own code or cause a DoS on the device.
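The following C sketch is an added illustration, not part of the original entry or any vendor's code: it shows a parser that trusts a sender-supplied length next to a version that restricts the write to the allocated buffer. The message layout (one length byte followed by the payload) and the names `dev_cfg`, `NAME_CAP`, `parse_name_unchecked`, `parse_name_checked` and `demo` are assumptions made for the example, and the sample messages are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_CAP 16               /* constructed size of the name field */
struct dev_cfg {
    char    name[NAME_CAP];       /* fixed-size destination buffer */
    uint8_t admin;                /* adjacent state an overflow would corrupt */
};

/* Weak pattern (shown for contrast, never called): the sender's length byte is
 * trusted, so any value above NAME_CAP - 1 writes past cfg->name. */
int parse_name_unchecked(struct dev_cfg *cfg, const uint8_t *msg)
{
    uint8_t n = msg[0];
    memcpy(cfg->name, msg + 1, n);
    cfg->name[n] = '\0';
    return 0;
}

/* Hardened: returns 0 on success, -1 on reject; cfg is untouched on reject. */
int parse_name_checked(struct dev_cfg *cfg, const uint8_t *msg, size_t msg_len)
{
    if (cfg == NULL || msg == NULL || msg_len < 1) return -1;
    size_t n = msg[0];
    if (n > msg_len - 1) return -1;        /* claims more bytes than received */
    if (n >= sizeof cfg->name) return -1;  /* no room for payload + terminator */
    memcpy(cfg->name, msg + 1, n);
    cfg->name[n] = '\0';
    return 0;
}

/* Runs one message; returns 1 if the result code matches `want` and a
 * rejected message left the configuration unmodified. */
int demo(const uint8_t *msg, size_t len, int want)
{
    struct dev_cfg cfg = { "", 0 };
    int rc = parse_name_checked(&cfg, msg, len);
    if (rc == -1 && (cfg.name[0] != '\0' || cfg.admin != 0)) return 0;
    return rc == want;
}

/* Constructed sample messages: [length byte][payload] */
static const uint8_t MSG_OK[]    = { 3, 'c', 'a', 'm' };
static const uint8_t MSG_TRUNC[] = { 10, 'a', 'b' };   /* claims 10, carries 2 */
static const uint8_t MSG_BIG[]   = { 16, 'A','A','A','A','A','A','A','A',
                                         'A','A','A','A','A','A','A','A' };
int main(void)
{
    return !(demo(MSG_OK, sizeof MSG_OK, 0) &&
             demo(MSG_TRUNC, sizeof MSG_TRUNC, -1) &&
             demo(MSG_BIG, sizeof MSG_BIG, -1));
}
```

The 16-byte payload is the boundary case: it fits the received message but leaves no room for the terminator, so it is rejected rather than written one byte past the buffer.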
Threat Maturity and Evidence
Known Exploitable Weakness
[KEV] Tenda AC11 Wi-Fi Router Buffer Overflow Vulnerability – CVE-2021-31755
“An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.”
[KEV] Amcrest Camera/NVR Multiple Vulnerabilities – CVE-2020-5735
“Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.”
CWE
- CWE 1218: Memory Buffer Errors
“This is a weakness category related to the handling of memory buffers within a software system. It is possible that any of these weaknesses can lead to the development of a vulnerability to exploit in a given device.”
CVE
- Siemens ICS Switches Hit With Buffer Overflow, Authentication Bugs – CVE-2015-1449
“A buffer overflow present on Siemens ICS switches could allow threat actors to gain the ability to take administrative actions on switches.”