D-Link DIR-816L Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in the D-Link DIR-816L router, specifically in the 2_06_b09_beta firmware version. The issue arises in the 'scandir_main' function of the file '/portal/__ajax_exporer.sgi', where the manipulation of the 'en' argument allows for remote exploitation. This vulnerability affects devices that are no longer supported by the manufacturer.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, which can commonly be used to execute arbitrary code or cause a denial-of-service condition.

Reproduction

To reproduce this vulnerability, send a request to the '/portal/__ajax_exporer.sgi' endpoint with a crafted 'en' argument that exploits the buffer overflow in the 'scandir_main' function. The request must include the user's cookie to be accepted.