Full Report
A buffer overflow exploited through the web interface by a remote attacker can cause remote code execution.
Analysis Summary
# Vulnerability: Kraftway-24F2XG Router Remote Code Execution via Buffer Overflow
## CVE Details
- CVE ID: CVE-2018-15353
- CVSS Score: 9.8 (High) (Based on CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- CWE: Buffer Overflow (Inferred from description)
## Affected Systems
- Products: Kraftway-24F2XG Router
- Versions: firmware 3.5.30.1118
- Configurations: Accessible via the web interface.
## Vulnerability Description
A critical vulnerability exists in the Kraftway-24F2XG Router firmware, specifically a **Buffer Overflow** flaw that is reachable through the web interface. A remote, unauthenticated attacker can exploit this vulnerability to achieve **Remote Code Execution (RCE)**.
## Exploitation
- Status: Existence of an exploit is unknown (no explicit confirmation of an exploit in the wild, but PoC potential is high given the RCE outcome).
- Complexity: Low (attack complexity is Low; no user interaction required).
- Attack Vector: Network
## Impact
- Confidentiality: High
- Integrity: High
- Availability: High
## Remediation
### Patches
- Update firmware to **version 3.5.47-315-gef7** or higher.
### Workarounds
- No specific vendor workarounds were listed beyond applying the patch (implied mitigation: restrict external access to the web interface).
## Detection
- **Indicators of Compromise:** Suspicious outbound connections, unexpected configuration changes, or system instability on the affected router.
- **Detection Methods and Tools:** Network monitoring for malformed HTTP/HTTPS requests targeting the router's web interface that may exceed expected buffer sizes. Deep packet inspection for payloads indicative of RCE attempts.
## References
- Vendor Advisory: KLCERT-18-009
- NVD Link: hxxps://nvd.nist.gov/vuln/detail/CVE-2018-15353