@OlivierLaflamme
Last active April 5, 2025 19:46
fuzzing output
getWscStatus : 0x000019f0
0x000019f0 lw $gp, 0x10($sp)
0x000019f4 move $a1, $s0
0x000019f8 lw $t9, -0x7e8c($gp)
0x000019fc addiu $a0, $sp, 0x18
0x00001a00 jalr $t9
0x00001a04 move $s1, $v0
Function Name: getWscStatus
Callstack:
getWscStatus : 0x1a00 (Export)
v0 : Dynamic Var
v1 : Dynamic Var
a0 : 0x7ffeffb4
a1 : Dynamic Var
a2 : 0x0
a3 : Dynamic Var
t0 : Dynamic Var
t1 : Dynamic Var
t2 : Dynamic Var
t3 : Dynamic Var
t4 : Dynamic Var
t5 : Dynamic Var
t6 : Dynamic Var
t7 : Dynamic Var
s0 : Dynamic Var
s1 : Dynamic Var
s2 : Dynamic Var
s3 : Dynamic Var
s4 : Dynamic Var
s5 : Dynamic Var
s6 : Dynamic Var
s7 : Dynamic Var
t8 : Dynamic Var
t9 : Dynamic Var
k0 : Dynamic Var
k1 : Dynamic Var
sp : 0x7ffeff9c
s8 : Dynamic Var
pc : 0x401a00
Overflowed buffer definition rva: 0x000019fc
Overflowed buffer size: 56
Operation size definition rva: []
Operation size:
Verification status: Verified
A Stack Overflow vulnerability was found in nvram_daemon. The program calls strcpy at address 0x00001a00 with a destination buffer allocated on the stack. The function gets the size argument as a parameter and does not validate that the destination buffer has enough space for the copy operation, causing memory corruption that may lead to a program crash, an overwrite of data, and execution of malicious code.
-----------------------------------------------------------------------
sub_1ca0 : 0x00001d20
0x00001d20 lw $gp, 0x10($fp)
0x00001d24 move $v1, $v0
0x00001d28 addiu $v0, $fp, 0x22
0x00001d2c move $a0, $v0
0x00001d30 lw $a1, 0x60($fp)
0x00001d34 move $a2, $v1
0x00001d38 lw $t9, -0x7f68($gp)
0x00001d3c nop
0x00001d40 jalr $t9
0x00001d44 nop
Callstack:
sub_401ca0 : 0x1d40
v0 : 0x7ffeffae
v1 : Dynamic Var
a0 : 0x7ffeffae
a1 : Dynamic Var
a2 : Dynamic Var
a3 : Dynamic Var
t0 : Dynamic Var
t1 : Dynamic Var
t2 : Dynamic Var
t3 : Dynamic Var
t4 : Dynamic Var
t5 : Dynamic Var
t6 : Dynamic Var
t7 : Dynamic Var
s0 : Dynamic Var
s1 : Dynamic Var
s2 : Dynamic Var
s3 : Dynamic Var
s4 : Dynamic Var
s5 : Dynamic Var
s6 : Dynamic Var
s7 : Dynamic Var
t8 : Dynamic Var
t9 : Dynamic Var
k0 : Dynamic Var
k1 : Dynamic Var
sp : 0x7ffeff8c
s8 : 0x7ffeff8c
pc : 0x401d40
Overflowed buffer definition rva: 0x00001d28
Overflowed buffer size: 62
Operation size definition rva: []
Operation size:
Verification status: Verified
A Stack Overflow vulnerability was found in factoryReset. The program calls memcpy at address 0x00001d40 with a destination buffer allocated on the stack. The function gets the size argument as a parameter and does not validate that the destination buffer has enough space for the copy operation, causing memory corruption that may lead to a program crash, an overwrite of data, and execution of malicious code.
-----------------------------------------------------------------------
sub_17660 : 0x000176ac
0x000176ac lw $t9, -0x7ab0($gp)
0x000176b0 lw $a2, -0x7fe4($gp)
0x000176b4 addiu $v0, $zero, 0xd
0x000176b8 move $v1, $t9
0x000176bc addiu $a0, $sp, 0x18
0x000176c0 lw $t9, -0x7d80($gp)
0x000176c4 addiu $a1, $s2, 0x40
0x000176c8 beq $s1, $v0, 0x417810
0x000176cc addiu $a2, $a2, 0x1490
sub_17660 : 0x00017810
0x00017810 move $t9, $v1
0x00017814 jalr $t9
0x00017818 nop
Callstack:
sub_417834 : 0x17dd0
sub_417660 : 0x17814
v0 : 0xd
v1 : Dynamic Var
a0 : 0x7ffefedc
a1 : Dynamic Var
a2 : Dynamic Var
a3 : Dynamic Var
t0 : Dynamic Var
t1 : Dynamic Var
t2 : Dynamic Var
t3 : Dynamic Var
t4 : Dynamic Var
t5 : Dynamic Var
t6 : Dynamic Var
t7 : Dynamic Var
s0 : Dynamic Var
s1 : 0xd
s2 : Dynamic Var
s3 : Dynamic Var
s4 : Dynamic Var
s5 : Dynamic Var
s6 : Dynamic Var
s7 : Dynamic Var
t8 : Dynamic Var
t9 : Dynamic Var
k0 : Dynamic Var
k1 : Dynamic Var
sp : 0x7ffefec4
s8 : Dynamic Var
pc : 0x417814
Overflowed buffer definition rva: 0x000176bc
Overflowed buffer size: 272
Operation size definition rva: []
Operation size:
Verification status: Verified
A Stack Overflow vulnerability was found in pppoecd. The program calls strcpy at address 0x00017814 with a destination buffer allocated on the stack. The function gets the size argument as a parameter and does not validate that the destination buffer has enough space for the copy operation, causing memory corruption that may lead to a program crash, an overwrite of data, and execution of malicious code.
-----------------------------------------------------------------------
DecodeDataFile : 0x00014264
0x00014264 lw $gp, 0x10($sp)
0x00014268 move $a1, $s4
0x0001426c lw $t9, -0x7e38($gp)
0x00014270 addiu $a2, $zero, 1
0x00014274 move $a3, $s0
0x00014278 jalr $t9
0x0001427c move $a0, $s1
Function Name: DecodeDataFile
Callstack:
DecodeDataFile : 0x14278 (Export)
v0 : Dynamic Var
v1 : Dynamic Var
a0 : Dynamic Var
a1 : Dynamic Var
a2 : 0x1
a3 : Dynamic Var
t0 : Dynamic Var
t1 : Dynamic Var
t2 : Dynamic Var
t3 : Dynamic Var
t4 : Dynamic Var
t5 : Dynamic Var
t6 : Dynamic Var
t7 : Dynamic Var
s0 : Dynamic Var
s1 : Dynamic Var
s2 : Dynamic Var
s3 : Dynamic Var
s4 : Dynamic Var
s5 : Dynamic Var
s6 : Dynamic Var
s7 : Dynamic Var
t8 : Dynamic Var
t9 : Dynamic Var
k0 : Dynamic Var
k1 : Dynamic Var
sp : 0x7ffeffec
s8 : Dynamic Var
pc : 0x414278
Function name: fread
An Unchecked Return Value vulnerability was found in upnpc-ddns. The program does not check the return value of fread at address 0x00014278 for unexpected states and conditions. If the function fails or returns a value that is not expected, then the subsequent program logic is unexpected.
-----------------------------------------------------------------------
client_init_ses : 0x0000cf64
0x0000cf64 lw $gp, 0x28($sp)
0x0000cf68 lw $a0, ($s5)
0x0000cf6c lw $t9, -0x7ccc($gp)
0x0000cf70 move $a1, $s3
0x0000cf74 jalr $t9
0x0000cf78 addiu $a2, $zero, 0x14
Function Name: client_init_ses
Callstack:
client_init_ses : 0xcf74 (Export)
v0 : Dynamic Var
v1 : Dynamic Var
a0 : Dynamic Var
a1 : Dynamic Var
a2 : 0x6
a3 : 0x7ffeffb0
t0 : Dynamic Var
t1 : Dynamic Var
t2 : Dynamic Var
t3 : Dynamic Var
t4 : Dynamic Var
t5 : Dynamic Var
t6 : Dynamic Var
t7 : Dynamic Var
s0 : Dynamic Var
s1 : 0x0
s2 : 0x7ffeff94
s3 : Dynamic Var
s4 : Dynamic Var
s5 : Dynamic Var
s6 : 0x7ffeffac
s7 : Dynamic Var
t8 : Dynamic Var
t9 : Dynamic Var
k0 : Dynamic Var
k1 : Dynamic Var
sp : 0x7ffeff64
s8 : Dynamic Var
pc : 0x40cf74
Function name: bind
An Unchecked Return Value vulnerability was found in pppoecd. The program does not check the return value of bind at address 0x0000cf74 for unexpected states and conditions. If the function fails or returns a value that is not expected, then the subsequent program logic is unexpected.
-----------------------------------------------------------------------
client_init_ses : 0x0000d0cc
0x0000d0cc lw $v0, 0x30($sp)
0x0000d0d0 lw $a0, 0x34($sp)
0x0000d0d4 swl $v0, 0x691($s0)
0x0000d0d8 swr $v0, 0x68e($s0)
0x0000d0dc swl $a0, 0x695($s0)
0x0000d0e0 lw $v1, 0x38($sp)
0x0000d0e4 swr $a0, 0x692($s0)
0x0000d0e8 swl $v1, 0x699($s0)
0x0000d0ec lw $v0, 0x3c($sp)
0x0000d0f0 swr $v1, 0x696($s0)
0x0000d0f4 swl $v0, 0x69d($s0)
0x0000d0f8 swr $v0, 0x69a($s0)
0x0000d0fc lw $t9, -0x7ccc($gp)
0x0000d100 lw $a0, ($s5)
0x0000d104 move $a1, $s3
0x0000d108 jalr $t9
0x0000d10c addiu $a2, $zero, 0x14
Function Name: client_init_ses
Callstack:
client_init_ses : 0xd108 (Export)
v0 : Dynamic Var
v1 : Dynamic Var
a0 : Dynamic Var
a1 : Dynamic Var
a2 : 0x7ffeffc4
a3 : 0x7ffeffb0
t0 : Dynamic Var
t1 : Dynamic Var
t2 : Dynamic Var
t3 : Dynamic Var
t4 : Dynamic Var
t5 : Dynamic Var
t6 : Dynamic Var
t7 : Dynamic Var
s0 : Dynamic Var
s1 : 0x6
s2 : 0x7ffeff94
s3 : Dynamic Var
s4 : Dynamic Var
s5 : Dynamic Var
s6 : 0x7ffeffac
s7 : Dynamic Var
t8 : Dynamic Var
t9 : Dynamic Var
k0 : Dynamic Var
k1 : Dynamic Var
sp : 0x7ffeff64
s8 : Dynamic Var
pc : 0x40d108
Function name: bind
An Unchecked Return Value vulnerability was found in pppoecd. The program does not check the return value of bind at address 0x0000d108 for unexpected states and conditions. If the function fails or returns a value that is not expected, then the subsequent program logic is unexpected.
-----------------------------------------------------------------------
PollWPSStatus : 0x00002420
0x00002420 lw $t9, -0x7f34($gp)
0x00002424 addiu $a1, $zero, 1
0x00002428 addiu $a2, $zero, 0xfff
0x0000242c move $a3, $v0
0x00002430 jalr $t9
0x00002434 move $a0, $s3
Function Name: PollWPSStatus
Callstack:
PollWPSStatus : 0x2430 (Export)
v0 : Dynamic Var
v1 : Dynamic Var
a0 : Dynamic Var
a1 : 0x1
a2 : 0xfff
a3 : Dynamic Var
t0 : Dynamic Var
t1 : Dynamic Var
t2 : Dynamic Var
t3 : Dynamic Var
t4 : Dynamic Var
t5 : Dynamic Var
t6 : Dynamic Var
t7 : Dynamic Var
s0 : Dynamic Var
s1 : Dynamic Var
s2 : Dynamic Var
s3 : Dynamic Var
s4 : Dynamic Var
s5 : Dynamic Var
s6 : Dynamic Var
s7 : Dynamic Var
t8 : Dynamic Var
t9 : Dynamic Var
k0 : Dynamic Var
k1 : Dynamic Var
sp : 0x7ffeffec
s8 : Dynamic Var
pc : 0x402430
Function name: fread
An Unchecked Return Value vulnerability was found in nvram_daemon. The program does not check the return value of fread at address 0x00002430 for unexpected states and conditions. If the function fails or returns a value that is not expected, then the subsequent program logic is unexpected.
-----------------------------------------------------------------------
landap_send_site_survey : 0x0000358c
0x0000358c lw $v1, 0x60($sp)
0x00003590 nop
0x00003594 move $v0, $v1
0x00003598 sll $v0, $v0, 3
0x0000359c addu $v0, $v0, $v1
0x000035a0 sll $v1, $v0, 2
0x000035a4 lw $v0, 0x40($sp)
0x000035a8 nop
0x000035ac addu $v0, $v1, $v0
0x000035b0 addiu $v0, $v0, 0x3a
0x000035b4 move $a0, $v0
0x000035b8 move $a1, $zero
0x000035bc addiu $a2, $zero, 4
0x000035c0 lw $t9, -0x7ebc($gp)
0x000035c4 nop
0x000035c8 jalr $t9
0x000035cc nop
Function Name: landap_send_site_survey
Callstack:
landap_send_site_survey : 0x35c8 (Export)
v0 : Dynamic Var
v1 : Dynamic Var
a0 : Dynamic Var
a1 : 0x0
a2 : 0x4
a3 : Dynamic Var
t0 : Dynamic Var
t1 : Dynamic Var
t2 : Dynamic Var
t3 : Dynamic Var
t4 : Dynamic Var
t5 : Dynamic Var
t6 : Dynamic Var
t7 : Dynamic Var
s0 : Dynamic Var
s1 : Dynamic Var
s2 : Dynamic Var
s3 : Dynamic Var
s4 : Dynamic Var
s5 : Dynamic Var
s6 : Dynamic Var
s7 : Dynamic Var
t8 : Dynamic Var
t9 : Dynamic Var
k0 : Dynamic Var
k1 : Dynamic Var
sp : 0x7ffeffec
s8 : Dynamic Var
pc : 0x4035c8
Buffer definition rva: 0x000035bc
Verification status: Verified
An Uninitialized Read vulnerability was found in lanconfig. The program calls memset to initialize a buffer using the size of the buffer's pointer instead of the actual size of the buffer, leaving part of the buffer in an uninitialized state. Reading and using the buffer can lead to unexpected behaviour.
-----------------------------------------------------------------------
memalign : 0x00047d2c
0x00047d2c ori $v0, $v1, 1
0x00047d30 sw $v0, 4($s1)
0x00047d34 addu $v1, $s1, $v1
0x00047d38 lw $v0, 4($v1)
0x00047d3c lw $t9, -0x7f8c($gp)
0x00047d40 ori $v0, $v0, 1
0x00047d44 sw $v0, 4($v1)
0x00047d48 lw $v0, 4($s2)
0x00047d4c move $a0, $a1
0x00047d50 andi $v0, $v0, 1
0x00047d54 or $v0, $v0, $a2
0x00047d58 jalr $t9
0x00047d5c sw $v0, 4($s2)
memalign : 0x00047d94
0x00047d94 ori $v0, $v0, 1
0x00047d98 addu $a0, $s2, $s3
0x00047d9c sw $v0, 4($a0)
0x00047da0 lw $v0, 4($s2)
0x00047da4 lw $t9, -0x7f8c($gp)
0x00047da8 andi $v0, $v0, 1
0x00047dac or $v0, $v0, $s3
0x00047db0 sw $v0, 4($s2)
0x00047db4 jalr $t9
0x00047db8 addiu $a0, $a0, 8
Function Name: memalign
Callstack:
memalign : 0x47db0 (Export)
v0 : Dynamic Var
v1 : Dynamic Var
a0 : Dynamic Var
a1 : Dynamic Var
a2 : Dynamic Var
a3 : Dynamic Var
t0 : Dynamic Var
t1 : Dynamic Var
t2 : Dynamic Var
t3 : Dynamic Var
t4 : Dynamic Var
t5 : Dynamic Var
t6 : Dynamic Var
t7 : Dynamic Var
s0 : 0x20
s1 : Dynamic Var
s2 : Dynamic Var
s3 : 0x10
s4 : Dynamic Var
s5 : Dynamic Var
s6 : Dynamic Var
s7 : Dynamic Var
t8 : Dynamic Var
t9 : Dynamic Var
k0 : Dynamic Var
k1 : Dynamic Var
sp : 0x7ffeffbc
s8 : Dynamic Var
pc : 0x447db4
Free rva: 0x00047d58
Freed buffer definition rva: 0x00047c6c
Verification status: Verified
A Use After Free vulnerability was found in libuClibc-0.9.28.so. The program references memory at address 0x00047db0 after it has been freed at address 0x00047d58. This can cause the program to crash, to use unexpected values, or to execute malicious code.