D-Link DIR-816L Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in the D-Link DIR-816L router, specifically in the 2_06_b09_beta firmware version. The issue arises in the 'genacgi_main' function of the 'gena.cgi' file, where the 'SERVER_ID' and 'HTTP_SID' arguments can be manipulated, leading to remote exploitation. This vulnerability affects products that are no longer supported by the manufacturer.

Impact

Exploitation of this vulnerability allows for a stack-based buffer overflow, which can potentially be used to execute arbitrary code or cause a denial-of-service condition.

Reproduction

To reproduce this vulnerability, send a request to the router's 'gena.cgi' file with the 'SERVER_ID' or 'HTTP_SID' arguments manipulated. The 'genacgi_main' function will process these inputs, and the use of 'sprintf' for string concatenation will trigger the stack-based buffer overflow.