嗯,用户让我帮忙总结一下这篇文章的内容,控制在一百个字以内。首先,我需要仔细阅读文章,找出关键信息。 文章标题提到了Wavlink WL-WN579X3-C的firewall.cgi中的UPNP栈溢出漏洞,CVE编号是CVE-2026-5004。作者是Mohammed Idrees Banyamer,来自约旦。漏洞影响的是固件版本231124,平台是MIPS。 描述部分提到当“firewall”参数设为“UPNP”时,存在栈溢出。具体来说,UpnpEnabled参数被复制到一个8字节的栈缓冲区,但uci_init写入了大约40字节的数据,导致溢出32多字节,破坏了返回地址。 这个漏洞可以通过远程触发,无需认证,如果Web界面暴露的话。可能导致设备崩溃或重新启动。通过ROP工程可能实现远程代码执行。 参考部分有GitHub链接和其他漏洞数据库的链接。 使用说明是运行Python脚本exploit.py并传入目标IP。 总结时需要包括设备型号、漏洞类型、影响版本、溢出原因、触发方式和可能后果。控制在100字以内。 所以最终总结应该是:Wavlink WL-WN579X3-C固件版本231124中存在UPNP处理栈溢出漏洞(CVE-2026-5004),当设置firewall参数为UPNP时,UpnpEnabled参数被写入过小的缓冲区导致溢出。可远程触发,造成设备崩溃或重启,可能实现代码执行。 </think> Wavlink WL-WN579X3-C固件版本231124中存在UPNP处理栈溢出漏洞(CVE-2026-5004),当设置`firewall`参数为`UPNP`时,`UpnpEnabled`参数被写入过小的缓冲区导致溢出。可远程触发,造成设备崩溃或重启,可能实现代码执行。 2026-3-31 19:38:48 Author: cxsecurity.com(查看原文) 阅读量:3 收藏
# Exploit Title: Wavlink WL-WN579X3-C firewall.cgi UPNP Stack-based Buffer Overflow # CVE: CVE-2026-5004 # Date: 2026-03-29 # Exploit Author: Mohammed Idrees Banyamer # Author Country: Jordan # Instagram: @banyamer_security # Author GitHub: https://github.com/mbanyamer # Author Blog: https://banyamersecurity.com/blog/ # Vendor Homepage: https://www.wavlink.com # Affected: Wavlink WL-WN579X3-C firmware version 231124 # Tested on: Wavlink WL-WN579X3-C (firmware 231124) # Platform: MIPS # Exploit Type: Remote Stack-based Buffer Overflow # CVSS: 8.8 (High) # Description: A stack-based buffer overflow exists in /cgi-bin/firewall.cgi when the "firewall" parameter is set to "UPNP". The UpnpEnabled parameter is copied into a small 8-byte stack buffer (in function sub_4019FC), but uci_init writes ~40 bytes, causing a 32+ byte overflow that corrupts the saved return address. This vulnerability can be triggered remotely without authentication if the web interface is exposed, leading to Denial of Service (device crash / reboot). With additional ROP engineering, remote code execution may be possible. # References: - https://github.com/Litengzheng/vul_db/blob/main/WL-WN579X3-C/vul_200/README.md - https://vuldb.com/vuln/353891 - https://nvd.nist.gov/vuln/detail/CVE-2026-5004 # Usage: python3 exploit.py <target_ip> # PoC Code:
References:
ttps://github.com/Litengzheng/vul_db/blob/main/WL-WN579X3-C/vul_200/README.md
https://vuldb.com/vuln/353891
https://nvd.nist.gov/vuln/detail/CVE-2026-5004
https://www.thehackerwire.com/wavlink-wl-wn579x3-c-upnp-handler-stack-based-buffer-overflow-cve-2026-5004/
Thanks for you comment!
Your message is in quarantine 48 hours.
如有侵权请联系:admin#unsafe.sh