TOTOLINK A3300R
cpe:2.3:h:totolink:a3300r:*:*:*:*:*:*:*
- 17.0.0cu.557_B20221024
A stack-based buffer overflow has been identified in the TOTOLINK A3300R router, firmware version 17.0.0cu.557_B20221024. The issue is in the 'setSyslogCfg' function of '/cgi-bin/cstecgi.cgi', which processes the 'enable' POST parameter. The parameter is written to a configuration key without proper length or content validation, leading to a stack-based buffer overflow, and the vulnerability can be exploited remotely.
Exploitation of this vulnerability causes a stack-based buffer overflow, which can overwrite stack memory and potentially allow for arbitrary code execution or manipulation of the device's execution flow.
To reproduce this vulnerability, send a POST request to the '/cgi-bin/cstecgi.cgi' endpoint with the 'enable' parameter containing a payload designed to overflow the buffer. This can be done using a script that includes the necessary cookies and payload data. After the payload is sent, the 'getSyslogCfg' function can be called to trigger the overflow and demonstrate the vulnerability.
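The two checks whose absence the description above points to, shown as an added C example (not TOTOLINK firmware code and not taken from the advisory): content and length validation before the value is stored, and a bounded copy when it is read back. The function names, the two-byte buffer size and the assumption that 'enable' is a "0"/"1" flag are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define ENABLE_BUF 2  /* assumed: one flag character plus NUL */

/* Write side (a setSyslogCfg-like handler): accept exactly "0" or "1".
 * Returns 1 if the value may be stored, 0 if it must be rejected. */
int enable_is_valid(const char *v)
{
    return v != NULL && (v[0] == '0' || v[0] == '1') && v[1] == '\0';
}

/* Read side (a getSyslogCfg-like handler): bounded copy of the stored value.
 * Returns 0 on success; on truncation or bad content returns -1 and leaves
 * the safe default "0" in dst, so old unvalidated config cannot overflow. */
int load_enable(char *dst, size_t dstlen, const char *stored)
{
    if (dst == NULL || dstlen < 2)
        return -1;
    int n = snprintf(dst, dstlen, "%s", stored ? stored : "");
    if (n < 0 || (size_t)n >= dstlen || !enable_is_valid(dst)) {
        dst[0] = '0';
        dst[1] = '\0';
        return -1;
    }
    return 0;
}

/* Hypothetical reader using a fixed stack buffer, the kind of destination
 * the overflow affects. Returns 1 or 0 for the flag, -1 if rejected. */
int read_enable_flag(const char *stored)
{
    char buf[ENABLE_BUF];
    if (load_enable(buf, sizeof buf, stored) != 0)
        return -1;
    return buf[0] == '1';
}

int main(void)
{
    char big[4097];                      /* constructed oversized value */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    const char *samples[] = { "1", "0", "", "10", big };  /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("len=%zu store_ok=%d read=%d\n", strlen(samples[i]),
               enable_is_valid(samples[i]), read_enable_flag(samples[i]));
    return 0;
}
```

Validating only at write time leaves devices with already-stored bad values exposed, which is why the read path also bounds the copy and falls back to a default.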