/bin/main sub_69064

[CVE-ID]

[PRODUCT]

TP-Link TL-IPC544EP-W4

[Vendor of Product]

TP-Link

[VERSION]

1.0.9 Build 240428 Rel.69493n

[Firmware]

https://www.tp-link.com.cn/product_2669.html?v=download#tag

[Vulnerability Type]

Buffer Overflow

[Description]

A buffer overflow vulnerability was identified in the TP-Link TL-IPC544EP-W4 firmware version 1.0.9 (Build 240428, Release 69493n). The issue resides in the sub_69064 function's text parameter handling within the /bin/main binary.

The text parameter is user-controllable and is passed to src.

src is then copied into dest, a char array with a size of 4, using strncpy. The length limit given to strncpy is 0x60, which is much larger than 4, so the copy writes past the end of dest, resulting in an overflow vulnerability.
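The copy described above, next to a bounded alternative, as an added example that is not code from the firmware or from the vendor. The names DEST_SIZE, COPY_LIMIT, strncpy_overrun and copy_text_checked are hypothetical; only the sizes 4 and 0x60 come from the report.

```c
#include <stddef.h>
#include <string.h>

#define DEST_SIZE  4     /* size of dest given in the report */
#define COPY_LIMIT 0x60  /* strncpy limit given in the report */

/* Pattern described in the report (shown as a comment, not compiled):
 *     char dest[DEST_SIZE];
 *     strncpy(dest, src, COPY_LIMIT);
 * strncpy always writes exactly its limit (short input is NUL-padded),
 * so a call of this shape writes 0x60 bytes into a 4-byte array. */

/* Bytes a strncpy(dest, src, limit) call writes beyond dest_size. */
size_t strncpy_overrun(size_t dest_size, size_t limit)
{
    return limit > dest_size ? limit - dest_size : 0;
}

/* Hardened copy (hypothetical helper): the bound is taken from the
 * destination, oversized input is rejected instead of truncated, and
 * dest is always NUL-terminated. Returns 0 on success, -1 otherwise. */
int copy_text_checked(char *dest, size_t dest_size, const char *src)
{
    size_t len = 0;

    if (dest == NULL || dest_size == 0)
        return -1;
    dest[0] = '\0';                 /* defined content on every path */
    if (src == NULL)
        return -1;
    while (len < dest_size && src[len] != '\0')
        len++;                      /* reads at most dest_size bytes of src */
    if (len == dest_size)           /* no room left for the terminator */
        return -1;
    memcpy(dest, src, len + 1);     /* len + 1 <= dest_size */
    return 0;
}

int main(void)
{
    char dest[DEST_SIZE];
    /* constructed sample inputs: one that fits, one that does not */
    int fits = copy_text_checked(dest, sizeof dest, "abc");
    int rejected = copy_text_checked(dest, sizeof dest, "abcd");
    return (fits == 0 && rejected == -1) ? 0 : 1;
}
```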