CVE-2024-35106
📋 TL;DR
A buffer overflow vulnerability exists in the NEXTU FLETA AX1500 WIFI6 router's web interface at /boafrm/formIpQoS. Attackers can exploit this via crafted POST requests to cause denial of service or potentially execute arbitrary code. This affects users of the vulnerable router firmware version.
💻 Affected Systems
- NEXTU FLETA AX1500 WIFI6
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to full router compromise, network traffic interception, and lateral movement into connected networks.
Likely Case
Router crash and denial of service requiring physical reset, disrupting network connectivity for all connected devices.
If Mitigated
Limited to denial of service if exploit attempts are blocked at network perimeter or router is not internet-facing.
🎯 Exploit Status
Public proof-of-concept available on GitHub. Exploitation requires sending crafted POST request to vulnerable endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://ez-net.co.kr/new_2012/customer/download_view.php?cid=&sid=&goods=&cate=&q=&seq=233
Restart Required: Yes
Instructions:
1. Check vendor website for firmware updates.
2. Download latest firmware.
3. Access router web interface.
4. Navigate to firmware update section.
5. Upload and apply new firmware.
6. Reboot router.
🔧 Temporary Workarounds
Disable Remote Management
Prevent external access to router web interface
Access router admin panel -> Security/Remote Management -> Disable remote access
Network Segmentation
Isolate router management interface from untrusted networks
Configure firewall rules to block external access to router IP on ports 80/443
🧯 If You Can't Patch
- Replace vulnerable router with different model that receives security updates
- Place router behind dedicated firewall with strict inbound rules blocking web management ports
🔍 How to Verify
Check if Vulnerable:
Check router firmware version in web interface under System Status or About page
Check Version:
curl -s http://router-ip/ | grep -i 'version'
Alternatively, check the version in the web interface.
Verify Fix Applied:
Verify firmware version is no longer v1.0.3 after update
📡 Detection & Monitoring
Log Indicators:
- Multiple POST requests to /boafrm/formIpQoS with abnormal payload lengths
- Router crash/reboot events in system logs
Network Indicators:
- Unusual POST requests to router IP on port 80/443 targeting /boafrm/formIpQoS
- Sudden loss of router connectivity
SIEM Query:
source="router_logs" AND (uri="/boafrm/formIpQoS" OR message="crash" OR message="reboot")
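
The log indicators above, turned into a check that can run over exported proxy or firewall logs. This is an added example, not part of the original advisory or any vendor tooling. The log layout, the 512-byte body threshold and the repeat limit are assumptions to tune against your own baseline, and the sample lines are constructed.

```python
import re
from collections import defaultdict

ENDPOINT = "/boafrm/formIpQoS"   # endpoint named in the advisory
MAX_BODY = 512                   # assumed threshold; baseline against normal QoS form posts
REPEAT_LIMIT = 3                 # assumed count at which a source has sent "multiple" POSTs

# Assumed log layout: <ISO time> <src ip> <METHOD> <uri> <request body bytes>
LINE_RE = re.compile(r"^(\S+) (\S+) ([A-Z]+) (\S+) (\d+)$")

# Constructed sample lines (documentation address ranges), not captured traffic.
SAMPLE_LOG = """\
2024-05-20T10:00:01Z 192.0.2.10 GET /index.htm 0
2024-05-20T10:00:05Z 192.0.2.10 POST /boafrm/formIpQoS 214
2024-05-20T10:02:11Z 198.51.100.7 POST /boafrm/formIpQoS 4096
2024-05-20T10:02:12Z 198.51.100.7 POST /boafrm/formIpQoS?x=1 4100
2024-05-20T10:02:13Z 198.51.100.7 POST /boafrm/formIpQoS 8192
2024-05-20T10:03:00Z 203.0.113.5 POST /boafrm/formLogin 40
not a log line
"""

def scan(log_text, max_body=MAX_BODY, repeat_limit=REPEAT_LIMIT):
    """Return (oversized, repeaters): oversized POSTs and sources at or over repeat_limit."""
    oversized, counts = [], defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                     # skip malformed lines instead of failing
        ts, src, method, uri, size = m.groups()
        path = uri.split("?", 1)[0]      # ignore any query string when matching the endpoint
        if method != "POST" or path != ENDPOINT:
            continue
        counts[src] += 1
        if int(size) > max_body:
            oversized.append((ts, src, int(size)))
    repeaters = sorted(s for s, n in counts.items() if n >= repeat_limit)
    return oversized, repeaters

if __name__ == "__main__":
    big, rep = scan(SAMPLE_LOG)
    for ts, src, size in big:
        print(f"{ts} oversized POST to {ENDPOINT} from {src}: {size} bytes")
    for src in rep:
        print(f"repeated POSTs to {ENDPOINT} from {src}")
```

Correlate any hit with a router reboot or loss of connectivity shortly afterwards, since the advisory lists both as indicators.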