JVN#88991166: SEIL Series routers vulnerable to buffer overflow

The PPP Access Concentrator (PPPAC) contained in SEIL Series routers contain a buffer overflow vulnerability when processing PPPoE packets.

Impact

An attacker may be able to execute arbitrary code.

Accoding to the developer, all versions of SEIL/86, SEIL/B1, SEIL/X1, SEIL/X2 3.00 through 3.11 process PPPoE packets in a non-administrative mode of operation, therefore the affect of this vulnerability is limited to the PPPAC service being stopped.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

This issue was resolved in the following versions.

• SEIL/x86 firmware 1.62

• SEIL/B1 firmware 3.12

• SEIL/X1 firmware 3.12

• SEIL/X2 firmware 3.12

• SEIL/Turbo firmware 2.11

• SEIL/neu 2FE Plus firmware 2.11

Products Affected

• SEIL/x86 firmware 1.00 to 1.61

• SEIL/B1 firmware 1.00 to 3.11

• SEIL/X1 firmware 1.00 to 3.11

• SEIL/X2 firmware 1.00 to 3.11

• SEIL/Turbo firmware 1.80 to 2.10

• SEIL/neu 2FE Plus firmware 1.80 to 2.10