The vulnerable function processes ACMP messages received over WebSockets; because the message content is attacker-controlled and its length was not adequately checked, it can cause a stack buffer overflow.
The patch for the vulnerability adds a critical length check on the base64-encoded string, ensuring it does not exceed the acceptable size before it is decoded.
While the patch appears to fix the identified vulnerability effectively, it does not address other functions that call base64_decode() without a similar check, which could give rise to further vulnerabilities.
The changes in firmware v1.35 show some progress in mitigating security flaws; however, relying on a single function's check for safety may lead to future vulnerabilities.
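As an added illustration (this is not the vendor's firmware code, which the summary does not reproduce), the following C program shows a bounded base64 decoder that performs the kind of pre-decode length check the patch describes, together with a simulated message handler that applies it before decoding into a fixed-size stack buffer. Every name here (`base64_decode_bounded`, `handle_message`, `MSG_BUF`) and every sample payload is constructed for this example; none of it comes from the affected firmware.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define MSG_BUF 64  /* constructed stack buffer size for the example handler */

/* Map one base64 alphabet character to its 6-bit value, or -1 if invalid. */
static int b64_value(char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Hypothetical bounded decoder. Computes the decoded size from the encoded
 * length and padding and refuses to write anything if it would not fit in
 * out_cap. Returns the number of bytes written, or -1 on malformed input or
 * insufficient capacity. This up-front size check is the kind of guard the
 * summary says the patch introduced at the vulnerable call site. */
int base64_decode_bounded(const char *in, size_t in_len, uint8_t *out, size_t out_cap) {
    if (in_len == 0 || in_len % 4 != 0) return -1;   /* canonical base64 is padded to 4 */
    size_t pad = 0;
    if (in[in_len - 1] == '=') pad++;
    if (in[in_len - 2] == '=') pad++;
    size_t need = (in_len / 4) * 3 - pad;
    if (need > out_cap) return -1;                    /* reject BEFORE touching the buffer */

    size_t o = 0;
    for (size_t i = 0; i < in_len; i += 4) {
        int v[4];
        for (int k = 0; k < 4; k++) {
            char c = in[i + k];
            if (c == '=') {
                /* '=' is only legal in the last two positions of the final quantum,
                 * and "x=" followed by a non-'=' is malformed. */
                if (i + 4 != in_len || k < 2) return -1;
                if (k == 2 && in[i + 3] != '=') return -1;
                v[k] = 0;
            } else {
                v[k] = b64_value(c);
                if (v[k] < 0) return -1;
            }
        }
        uint32_t triple = ((uint32_t)v[0] << 18) | ((uint32_t)v[1] << 12) |
                          ((uint32_t)v[2] << 6) | (uint32_t)v[3];
        out[o++] = (uint8_t)(triple >> 16);
        if (i + 4 < in_len || pad < 2) out[o++] = (uint8_t)(triple >> 8);
        if (i + 4 < in_len || pad < 1) out[o++] = (uint8_t)triple;
    }
    return (int)o;
}

/* Simulated handler for one WebSocket message whose payload is base64.
 * Returns the decoded length, or -1 when the message is rejected. */
int handle_message(const char *b64_payload) {
    uint8_t decoded[MSG_BUF];  /* the fixed-size stack buffer being protected */
    return base64_decode_bounded(b64_payload, strlen(b64_payload), decoded, sizeof decoded);
}

/* Helper for checks: does the payload decode exactly to the expected bytes? */
int decodes_to(const char *b64_payload, const char *expected) {
    uint8_t buf[MSG_BUF];
    int n = base64_decode_bounded(b64_payload, strlen(b64_payload), buf, sizeof buf);
    return n >= 0 && (size_t)n == strlen(expected) && memcmp(buf, expected, (size_t)n) == 0;
}

/* Constructed oversized payload: 100 encoded chars -> 75 bytes, more than MSG_BUF. */
int oversized_rejected(void) {
    char big[101];
    memset(big, 'A', 100);
    big[100] = '\0';
    return handle_message(big) == -1;
}

int main(void) {
    printf("\"SGVsbG8=\" -> %d bytes\n", handle_message("SGVsbG8="));
    printf("oversized payload rejected: %s\n", oversized_rejected() ? "yes" : "no");
    printf("malformed \"AB=C\" rejected: %s\n", handle_message("AB=C") == -1 ? "yes" : "no");
    return 0;
}
```

The point of the design is that the capacity check depends only on the encoded length and padding, so a message is refused before a single byte lands in `decoded`; the same `base64_decode_bounded` can then be reused at every other call site, which is the gap the summary notes the patch leaves open.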