# Exploiting a Stack Buffer Overflow on the NETGEAR R6700v3 (CVE-2022-27646) with the Help of Symbolic Execution
- [ ] Add all external references
## Introduction
This repository demonstrates some of the functionality of
[Morion](, a proof-of-concept (PoC) tool for experimenting with
**symbolic execution** on real-world (ARMv7) binaries. We show some of
[Morion]('s capabilities by way of a concrete example: how it can assist
in creating a working **exploit for CVE-2022-27646**, a stack
buffer overflow vulnerability in NETGEAR R6700v3 routers (affected version, fixed
in later versions).

The repository contains all **files** (under [firmware](./firmware/), [libcircled](./libcircled/),
[morion](./morion/) and [server](./server/)) needed to follow along (e.g. scripts to emulate the
vulnerable ARMv7 binary) and to reproduce the discussed steps of using
[Morion]( The **documentation** (under [docs](./docs/) and
[logs](./logs/)) demonstrates [Morion]('s workings in
the following chapters:
1. [Setup](docs/ - Explains how to set up the analysis system (running *Morion*) and the target
    system (running the target binary *circled*).
2. [Emulation](docs/ - Explains how to emulate the vulnerable target binary.
3. [Tracing](docs/ - Explains how to record a concrete execution trace of the target
    binary using *Morion*.
4. [Symbolic Execution](docs/ - Explains how to use *Morion* to analyze the recorded
    trace symbolically.
5. [Vulnerability CVE-2022-27646](docs/ - Provides some background information on
    the targeted vulnerability.
6. [Exploitation](docs/ - Explains how *Morion* can assist during the process of
    crafting an exploit.
## References
- Morion PoC Tool:
- Defeating the NETGEAR R6700v3:
- Emulating, Debugging and Exploiting NETGEAR R6700v3 *circled* Binary:
- NVRAM Emulator:
- Ready-to-Use Cross-Compilation Toolchains:
- Other Tools:
## Authors
- [Damian Pfammatter](, [Cyber-Defense Campus (ar S+T)](