D-Link Products Buffer Overflow Vulnerability in formPingDiagnosticRun Endpoint

A critical buffer overflow vulnerability has been identified in multiple D-Link router models, including the DWR-M920, DWR-M921, DWR-M960, DWR-M961, and DIR-825M, specifically in certain firmware versions. The vulnerability arises in the 'formPingDiagnosticRun' endpoint, where the 'host' parameter is processed without proper input validation. This lack of bounds checking allows for the manipulation of the 'host' parameter, leading to stack memory overwriting. Such exploitation can cause application crashes, memory corruption, and potentially arbitrary code execution on the device.

Impact

Exploitation of this vulnerability can cause the web server to crash, making the device's management interface inaccessible. Additionally, it can lead to memory corruption and allow for arbitrary code execution on the server, with the potential for the attacker to gain full control over the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to the 'formPingDiagnosticRun' endpoint with an oversized 'host' parameter. This can be done using a tool like Burp Repeater. The request should include the 'webuicookie' cookie for authentication.