TID-327: Out of Bounds Memory Access
Threat Description
If an application does not properly restrict data writes to allocated memory locations, a threat actor could send an input or message that writes data outside of intended or allowed memory locations. By overwriting memory locations, an attacker may be able to hijack the program's control flow to remotely execute their own code or cause a DoS on the device.
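An added example, not part of the original entry and not code from any device named in it: a hypothetical C handler for a MAC-address form field, showing the unbounded copy that produces this weakness beside a version that checks length and format before writing. The function names, the 17-character field format and the buffer sizes are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAC_STR_LEN 17  /* assumed field format: "aa:bb:cc:dd:ee:ff" */

/* Weak pattern, shown for contrast only: the number of bytes written is
 * decided by the sender's input, not by the size of the destination. */
void set_mac_unsafe(const char *param)
{
    char mac[MAC_STR_LEN + 1];
    strcpy(mac, param);  /* writes past mac[] whenever param is longer */
    (void)mac;
}

/* Hardened form: every check happens before the first byte is written.
 * Returns 0 on success, -1 on rejection. */
int set_mac_checked(const char *param, size_t param_len,
                    char *out, size_t out_size)
{
    if (param == NULL || out == NULL || out_size < MAC_STR_LEN + 1)
        return -1;                      /* destination too small */
    if (param_len != MAC_STR_LEN)
        return -1;                      /* oversized or short input */

    for (size_t i = 0; i < MAC_STR_LEN; i++) {
        unsigned char c = (unsigned char)param[i];
        if (i % 3 == 2) {
            if (c != ':')
                return -1;              /* separator expected */
        } else if (!isxdigit(c)) {
            return -1;                  /* hex digit expected */
        }
    }

    memcpy(out, param, MAC_STR_LEN);    /* length is a constant, not input */
    out[MAC_STR_LEN] = '\0';
    return 0;
}
```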
Threat Maturity and Evidence
Known Exploitable Weakness
Tenda AC11 Router Stack Buffer Overflow Vulnerability
“Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request.”
Tenda AC11 Router Stack Buffer Overflow Vulnerability
“An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.”
Amcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability
“Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code.”
CWE
CWE 1218: Memory Buffer Errors
This is a weakness category related to the handling of memory buffers within a software system. Any of these weaknesses can lead to an exploitable vulnerability in a given device.
CVE
Siemens ICS Switches Hit With Buffer Overflow, Authentication Bugs
A buffer overflow present on Siemens ICS switches could allow threat actors to gain the ability to take administrative actions on switches.