Buffer Overflow in the ippprint (Internet Printing Protocol) service in Sagemcom F@st 3686 MAGYAR_4.121.0 allows remote attacker to execute arbitrary code by sending a crafted HTTP request.
The ippprint service running on the device does not properly validate the length of input data transmitted in HTTP requests, leading to a buffer overflow (CWE-120). An attacker sends a specially crafted HTTP request to the vulnerable service, causing memory areas outside the intended buffer to be overwritten. As a result, it is possible to hijack the program execution flow and execute arbitrary code on the device side.
An unauthenticated remote attacker can execute arbitrary code on the device (RCE), which in practice means complete takeover of the router, including the ability to modify network configuration, intercept network traffic, or use the device as an entry point to the local network.
Apply patches available from the manufacturer according to the references. If an update is not available, it is recommended to restrict network access to the ippprint service at the firewall level or disable this service if it is not required.
Sagemcom F@st 3686 with firmware version MAGYAR_4.121.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSagemcom F\@st 3686
HWSagemcomwszystkie wersjeSagemcom F\@st 3686 Firmware
OSSagemcom4.121.0
Related vulnerabilities
Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login URI.
Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This vulnerabilit...
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote...
Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.a...
Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authe...