D-Link DIR-816L
cpe:2.3:h:dlink:dir-816_a1:*:*:*:*:*:*:*, +3 more
- 2_06_b09_beta
A stack-based buffer overflow vulnerability has been identified in the D-Link DIR-816L router, specifically in the 2_06_b09_beta firmware. The issue arises in the soapcgi_main function of the soap.cgi file, where externally controllable input is not properly validated, allowing for a buffer overflow condition. This vulnerability can be exploited remotely and affects a product that is no longer supported by the manufacturer.
Exploitation of this vulnerability leads to a stack-based buffer overflow, which can commonly result in arbitrary code execution or cause the device to crash.
The vulnerability can be reproduced by sending a crafted HTTP request to the router's soap.cgi endpoint. The HTTP_SOAPACTION header should be used to include the payload that triggers the buffer overflow. This payload will overwrite the return address on the stack, potentially allowing for code execution.
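The defect class described above, shown as an added C example of the unsafe pattern next to a bounded alternative; this is not code from the firmware or from D-Link. The buffer size, the function name `extract_soap_action`, and the UPnP-style `"serviceType#actionName"` header value are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define ACTION_MAX 64   /* assumed buffer size, not taken from the firmware */

/* Unsafe pattern (illustrative only): an unbounded copy of a client-controlled
 * header into a fixed stack buffer lets an oversized value run past the buffer.
 *     char action[ACTION_MAX];
 *     strcpy(action, getenv("HTTP_SOAPACTION"));
 */

/* Hardened form: copy the action name (text after the last '#', closing quote
 * dropped) into dst. Returns 0 on success, -1 if the value is missing,
 * malformed, or does not fit. Never writes more than dst_len bytes. */
int extract_soap_action(const char *hdr, char *dst, size_t dst_len)
{
    if (hdr == NULL || dst == NULL || dst_len == 0)
        return -1;
    dst[0] = '\0';

    const char *hash = strrchr(hdr, '#');
    if (hash == NULL)
        return -1;
    const char *start = hash + 1;
    size_t len = strcspn(start, "\"");    /* stop at closing quote or end */
    if (len == 0 || len >= dst_len)
        return -1;                        /* reject rather than truncate */

    for (size_t i = 0; i < len; i++) {    /* allow-list: [A-Za-z0-9_] only */
        unsigned char c = (unsigned char)start[i];
        if (!((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
              (c >= '0' && c <= '9') || c == '_'))
            return -1;
    }
    memcpy(dst, start, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    char action[ACTION_MAX];
    /* constructed sample value; a CGI would read getenv("HTTP_SOAPACTION") */
    const char *sample =
        "\"urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress\"";
    return extract_soap_action(sample, action, sizeof action) == 0 ? 0 : 1;
}
```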