In our Tech Blog, our analysts publish technical articles, new insights and novel techniques they developed.
Exploitation of a Vanilla Buffer Overflow in the o2 HomeBox 6441 Router (unauthenticated) – A Step by Step Abuse Guide
Introduction
We regularly investigate the security of Customer Premises Equipment (CPEs), also known as SOHO routers. One important aspect of these investigations is checking for memory corruption vulnerabilities such as buffer overflows. While this type of bug was discovered in 1996[1], and secure coding practices as well as exploit mitigation techniques should by now have made it a vanishing phenomenon, we still encounter it on today’s devices.
In August 2018, NSIDE investigated the O2 HomeBox 6441 in terms of memory corruption vulnerabilities and discovered a buffer overflow in the embedded webserver. Most of the time NSIDE doesn’t publish such findings, because we are bound by NDAs
The Vulnerability
Usually all parameters accepted by the webserver are sanitized, and their length is either checked against an upper bound or capped at it before the value is stored. […]
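As an added illustration of the bound check a parameter handler is expected to perform (example code written for this page, not taken from the HomeBox firmware or from NSIDE's material; the query-string format, the 16-byte buffer, and the function name are assumptions), the following looks up a parameter and applies either the "check" or the "cap" policy before a single byte reaches the fixed-size buffer:

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical fixed-size buffer a parameter handler might use. */
#define PARAM_MAX 16

enum param_result { PARAM_MISSING = -2, PARAM_REJECTED = -1, PARAM_OK = 0, PARAM_TRUNCATED = 1 };

/* Look up `name` in a query string of the form a=1&b=2 and copy its value into
 * dst (dst_size bytes). The length is compared with the buffer bound before
 * anything is written: with cap_to_bound == 0 an over-long value is rejected,
 * with cap_to_bound != 0 it is capped (truncated) to dst_size - 1 bytes.
 * dst is always NUL-terminated and is never written past dst_size. */
enum param_result get_query_param(const char *query, const char *name,
                                  char *dst, size_t dst_size, int cap_to_bound)
{
    size_t name_len = strlen(name);
    const char *p = query;

    dst[0] = '\0';
    while (*p) {
        if (strncmp(p, name, name_len) == 0 && p[name_len] == '=') {
            const char *val = p + name_len + 1;
            size_t val_len = strcspn(val, "&");   /* value ends at '&' or NUL */
            size_t copy_len = val_len;
            enum param_result r = PARAM_OK;

            if (val_len >= dst_size) {            /* no room for value + NUL */
                if (!cap_to_bound)
                    return PARAM_REJECTED;        /* "check" policy */
                copy_len = dst_size - 1;          /* "cap" policy */
                r = PARAM_TRUNCATED;
            }
            memcpy(dst, val, copy_len);
            dst[copy_len] = '\0';
            return r;
        }
        p += strcspn(p, "&");                     /* skip this name=value pair */
        if (*p == '&')
            p++;
    }
    return PARAM_MISSING;
}
```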