CVE-2023-49351 – A stack-based buffer overflow vulnerability in ... (How to Fix)

Q: What is the severity of CVE-2023-49351?

CVE-2023-49351 has a CVSS score of 9.8 (CRITICAL). A stack-based buffer overflow vulnerability in the /bin/webs binary of Edimax BR6478AC V2 routers allows attackers to execute arbitrary code or crash the device by exploiting improper use of strcpy(). This affects users running firmware version v1.23 on these specific router models.

📋 TL;DR

A stack-based buffer overflow vulnerability in the /bin/webs binary of Edimax BR6478AC V2 routers allows attackers to execute arbitrary code or crash the device by exploiting improper use of strcpy(). This affects users running firmware version v1.23 on these specific router models.

💻 Affected Systems

Products:

Edimax BR6478AC V2 router

Versions: Firmware version v1.23

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the specific router model with exact firmware version. The /bin/webs binary handles web interface functionality.

📦 What is this software?

Br 6478ac Firmware by Edimax

View all CVEs affecting Br 6478ac Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with root privileges leading to complete device compromise, network infiltration, and persistent backdoor installation.

🟠

Likely Case

Router crash causing denial of service, potential credential theft, and network disruption.

🟢

If Mitigated

Limited impact if device is behind firewall with no external access and strict network segmentation.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to attackers.

🏢 Internal Only: MEDIUM - Internal attackers could still exploit if they gain network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public GitHub repository contains exploit details. Buffer overflow via strcpy() is a well-understood vulnerability class with reliable exploitation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Edimax website for firmware updates. 2. Download latest firmware. 3. Log into router admin interface. 4. Navigate to firmware update section. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable remote administration

all

Prevent external access to router web interface

Login to router admin → Advanced Settings → Remote Management → Disable

Network segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

Replace affected router with different model or vendor
Implement strict firewall rules blocking all external access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or Firmware Update section

Check Version:

Login to router web interface and check firmware version

Verify Fix Applied:

Verify firmware version is no longer v1.23 after update

📡 Detection & Monitoring

Log Indicators:

Multiple failed web interface access attempts
Unusual POST requests to router web interface
Router crash/reboot logs

Network Indicators:

Unusual traffic patterns to router management port (typically 80/443)
Exploit payload patterns in HTTP requests

SIEM Query:

source="router_logs" AND ("webs" OR "strcpy" OR "buffer overflow")

📊 Metadata

CVE ID: CVE-2023-49351

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: January 16, 2024

Last Updated: June 2, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-49351, you might also want to check these: