CVE-2023-37793

9.8 CRITICAL

📋 TL;DR

CVE-2023-37793 is a critical buffer overflow in the web interface of WAYOS FBM-291W routers, reachable through the /upgrade_filter.asp component, that allows a remote attacker to execute arbitrary code on the device or crash it (denial of service). It affects anyone running the affected firmware on this model. No authentication is needed, so an attacker who can reach the web interface can take complete control of the router.

💻 Affected Systems

Products:
  • WAYOS FBM-291W
Versions: 19.09.11V
Operating Systems: Embedded Linux/RTOS
Default Config Vulnerable: ⚠️ Yes
Notes: The CVE record names only this model and this firmware version; other versions have not been confirmed either way. The web interface must be reachable by the attacker.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, lateral movement to internal networks, persistent backdoor installation, and data exfiltration.

🟠

Likely Case

Router compromise allowing traffic interception, credential theft, network disruption, and use as botnet node.

🟢

If Mitigated

With the management interface unreachable from untrusted networks, the remaining exposure is a crash (denial of service) caused by a failed exploit attempt from a host that can still reach the interface.

🌐 Internet-Facing: HIGH - The vulnerable component is part of the web interface and is exploitable without authentication, so any router whose management interface is exposed to the Internet can be taken over directly.
🏢 Internal Only: MEDIUM - An attacker who already has a foothold on the LAN can reach the management interface, compromise the router and use it to pivot, intercept traffic or reach other segments.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public proof-of-concept exists in a GitHub repository. Exploitation consists of sending a single crafted HTTP request to the vulnerable endpoint; no credentials or prior access are needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check the vendor website for firmware updates.
2. If an update is available, download it and verify its checksum.
3. Log in to the router admin interface.
4. Navigate to the firmware upgrade section.
5. Upload the new firmware file.
6. Wait for the reboot and verify the version in the system information page.

🔧 Temporary Workarounds

Disable Web Interface Access

Platform: Linux

Block access to the router's web management interface from the WAN side, on the router itself if you have shell access or otherwise on the upstream firewall. The rules below insert at the head of the INPUT chain so that an earlier ACCEPT rule cannot override them; eth0 is a placeholder for the actual WAN interface. Dropping ports 80 and 443 for all sources would also lock out LAN administration, but note that the overflow is unauthenticated and is reachable from any host that can reach the interface, so restrict the LAN side as tightly as your operations allow.

iptables -I INPUT -i eth0 -p tcp --dport 80 -j DROP
iptables -I INPUT -i eth0 -p tcp --dport 443 -j DROP

These rules do not survive a reboot unless saved with the platform's persistence mechanism; re-check them after any restart.

Network Segmentation

Platform: all

Isolate vulnerable routers in a separate management VLAN and permit access to their web interface only from designated administration hosts.

🧯 If You Can't Patch

  • Replace vulnerable devices with supported models
  • Implement strict network ACLs to limit access to router management interface

🔍 How to Verify

Check if Vulnerable:

Read the firmware version from the admin panel's system information page, or from the login page if it displays the version. If you have shell access, note that cat /proc/version reports only the Linux kernel build, not the WAYOS firmware string, so the admin panel is the authoritative source.

Check Version:

curl -s http://router-ip/ | grep -i version (only works if the login page embeds the version string; otherwise log in to the admin interface and read the system information page)

Verify Fix Applied:

Confirm the firmware version is no longer 19.09.11V. If you test the /upgrade_filter.asp endpoint, do it on a non-production unit with a short, non-overflowing request only: an overflow-length payload will crash or compromise the device, and the page is unauthenticated, so there is no safe way to "test" it on a live router with a real payload.
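A small checker that performs the two observations above without risking the device: it reads the firmware version from the page the router serves at / and confirms that /upgrade_filter.asp answers at all, using a plain GET with no body and no parameters. This is an added example written for this page, not a tool from the vendor or from the public PoC. It assumes the login or status page contains the version string in plain text in the form NN.NN.NNV (as in 19.09.11V), that a 404 for the endpoint means the component is absent, and that the router is reachable at the URL given on the command line; all three are assumptions, not documented behaviour.

```python
"""Safe exposure check for CVE-2023-37793 on a WAYOS FBM-291W.

Added example, not part of the original advisory. Sends only two tiny GET
requests, so it cannot trigger the overflow. Assumptions (not documented
vendor behaviour): the page at / embeds the firmware version as NN.NN.NNV,
and a 404 for /upgrade_filter.asp means the vulnerable component is absent.
"""
import re
import sys
import urllib.error
import urllib.request

VULN_VERSION = "19.09.11V"
ENDPOINT = "/upgrade_filter.asp"
# Assumed version format, matching the one version named in the CVE record.
VERSION_RE = re.compile(r"\b(\d{2}\.\d{2}\.\d{2}V)\b")


def extract_version(html):
    """Return the first NN.NN.NNV-style string in the page, or None."""
    m = VERSION_RE.search(html)
    return m.group(1) if m else None


def assess(version, endpoint_status):
    """Turn (version string or None, HTTP status or None) into a verdict."""
    if endpoint_status is None:
        return "unreachable: connection failed, cannot assess"
    if endpoint_status == 404:
        return "endpoint absent: /upgrade_filter.asp not served, likely not affected"
    if version == VULN_VERSION:
        return f"VULNERABLE: firmware {VULN_VERSION} with {ENDPOINT} present"
    if version is None:
        return "endpoint present, version unknown: read the admin panel system info"
    return f"endpoint present, firmware {version}: compare against the vendor advisory"


def fetch(url, timeout=5):
    """GET url; return (status, body). Status is None if the host is unreachable."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:       # 4xx/5xx still carries a status
        return e.code, ""
    except (urllib.error.URLError, OSError):  # refused, timeout, DNS failure
        return None, ""


def check(base_url):
    """Run both observations against base_url (e.g. http://192.168.1.1)."""
    _, index_html = fetch(base_url + "/")
    status, _ = fetch(base_url + ENDPOINT)
    return assess(extract_version(index_html), status)


if __name__ == "__main__":
    target = sys.argv[1].rstrip("/") if len(sys.argv) > 1 else "http://192.168.1.1"
    print(check(target))
```

Run it as `python3 check.py http://192.168.1.1` from a host on the management network. The verdict deliberately stops short of claiming "not vulnerable" for an unknown version, because the only version the CVE record names is 19.09.11V and nothing here proves other builds are fixed.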

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /upgrade_filter.asp, which administrators rarely submit and which should never come from untrusted addresses
  • Oversized HTTP request bodies or query parameters directed at that path
  • Unexpected router reboots or web-service crashes with no corresponding administrative action

Network Indicators:

  • HTTP requests with oversized parameters to upgrade_filter.asp
  • Unusual outbound connections from router

SIEM Query (assumes HTTP access logs from a reverse proxy, IDS or upstream firewall in front of the router; the router itself is not assumed to produce them):

source="router_logs" AND uri="/upgrade_filter.asp" AND content_length>1000
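The indicators above, applied to access-log lines as a practitioner would before writing the SIEM rule. This is an added example for this page, not code from the advisory or from the vendor. It assumes an access log in common log format whose last field is the request size (nginx's $request_length) rather than the response size, so POST bodies are visible; it assumes 192.168.1.0/24 is the management network; and the sample lines at the bottom are constructed, not captured traffic.

```python
"""Apply the CVE-2023-37793 log indicators to HTTP access-log lines.

Added example, not part of the original advisory. Assumed log format:
common log format with the last field being the *request* length (nginx
$request_length), e.g.  10.0.0.5 - - [ts] "POST /x HTTP/1.1" 200 4096
The router is not assumed to emit such logs; a proxy or IDS in front of it is.
"""
import ipaddress
import re
from dataclasses import dataclass

TARGET_PATH = "/upgrade_filter.asp"
BODY_THRESHOLD = 1000            # bytes; same cut-off as the SIEM query above
PARAM_THRESHOLD = 256            # assumed: no legitimate parameter value is this long
MGMT_NETS = ("192.168.1.0/24",)  # assumed management network; adjust per site

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<reqlen>\d+)$'
)


@dataclass(frozen=True)
class Alert:
    src: str
    ts: str
    reason: str


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["reqlen"] = int(fields["reqlen"])
    return fields


def longest_param_value(target):
    """Length of the longest query-string value in a request target (0 if none)."""
    if "?" not in target:
        return 0
    query = target.split("?", 1)[1]
    lengths = [len(kv.split("=", 1)[1]) if "=" in kv else len(kv)
               for kv in query.split("&") if kv]
    return max(lengths, default=0)


def from_management_net(src, nets=MGMT_NETS):
    """True if src is an address inside one of the management networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(n) for n in nets)


def detect(lines, nets=MGMT_NETS):
    """Apply the indicators to log lines; one Alert per indicator that fires."""
    alerts = []
    for line in lines:
        f = parse_line(line)
        if f is None:                      # malformed line: skip, do not crash
            continue
        path = f["target"].split("?", 1)[0]
        if path != TARGET_PATH:
            continue
        src, ts = f["src"], f["ts"]
        if f["method"] == "POST" and f["reqlen"] > BODY_THRESHOLD:
            alerts.append(Alert(src, ts, f"POST body {f['reqlen']} bytes > {BODY_THRESHOLD}"))
        plen = longest_param_value(f["target"])
        if plen > PARAM_THRESHOLD:
            alerts.append(Alert(src, ts, f"query parameter {plen} bytes > {PARAM_THRESHOLD}"))
        if not from_management_net(src, nets):
            alerts.append(Alert(src, ts, "request from outside the management network"))
    return alerts


# Constructed sample lines (not captured traffic): a benign admin visit, an
# oversized POST from the Internet, an over-long query parameter, an unrelated
# page, and a malformed line.
SAMPLE_LOG = [
    '192.168.1.10 - - [01/Aug/2023:10:00:00 +0000] "GET /upgrade_filter.asp HTTP/1.1" 200 412',
    '203.0.113.7 - - [01/Aug/2023:10:00:05 +0000] "POST /upgrade_filter.asp HTTP/1.1" 500 4096',
    '192.168.1.10 - - [01/Aug/2023:10:00:09 +0000] "GET /upgrade_filter.asp?name='
    + "A" * 300 + ' HTTP/1.1" 200 512',
    '192.168.1.11 - - [01/Aug/2023:10:00:12 +0000] "GET /index.asp HTTP/1.1" 200 1290',
    'not a log line',
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.ts} {a.src}: {a.reason}")
```

On the constructed sample this yields three alerts: the 4096-byte POST from 203.0.113.7 fires both the body-size and the off-network rules, and the 300-character parameter from the management host fires the parameter rule. The benign GET and the request for /index.asp produce nothing, and the malformed line is skipped rather than raising. The source-network rule is the one most worth keeping even after patching: a legitimate administrator never reaches this page from outside the management VLAN.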

🔗 References
