DD-WRT Buffer Overflow Vulnerability in UPNP Service Allowing Remote Code Execution

A buffer overflow vulnerability has been identified in the UPNP network discovery service of DD-WRT version 45723. This vulnerability allows remote attackers to execute arbitrary code by sending crafted M-SEARCH packets with oversized UUID payloads, triggering buffer overflow conditions on the affected device. The UPNP service, which is disabled by default, can be exploited by attackers on the same local network.

Impact

Exploitation of this vulnerability can lead to arbitrary code execution on the affected device.

Reproduction

To reproduce this vulnerability, first enable the UPNP service on a DD-WRT device running version 45723 or prior. Once UPNP is active, a proof-of-concept script can be executed to send an M-SEARCH packet with an oversized UUID payload. This will cause the UPNP service to crash, demonstrating the buffer overflow exploitation.

Remediation

Users can update to the latest version of DD-WRT, which includes a fix for this vulnerability. The updated version can be downloaded from the DD-WRT Router Database.