D-Link DIR-822K and DWR-M920 Buffer Overflow Vulnerability in Firewall Management Endpoint

A critical buffer overflow vulnerability has been identified in the D-Link DIR-822K and DWR-M920 routers, specifically in the DIR-822K firmware version 1.00_20250513164613 and the DWR-M920 firmware version 1.1.50. The vulnerability arises in the '/boafrm/formFirewallAdv' endpoint, where the 'submit-url' parameter is processed without proper bounds checking. This oversight allows remote attackers to send oversized 'submit-url' values, overwriting stack memory and potentially leading to application crashes, memory corruption, and arbitrary code execution on the device.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can be leveraged to execute arbitrary code on the router. This could allow an attacker to gain full control over the device, monitor network traffic, or use the router as a launch point for attacks on other devices within the network.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/boafrm/formFirewallAdv' endpoint with an oversized 'submit-url' parameter. This can be done using a tool like Burp Suite, which allows for the manipulation of HTTP requests. The request should include the 'lan_mask' and 'save_apply' parameters, along with the oversized 'submit-url' value that exploits the buffer overflow.