D-Link DIR-822K and DWR-M920 Buffer Overflow Vulnerability in formWanConfigSetup
Vulnerability
A critical buffer overflow vulnerability has been identified in the formWanConfigSetup endpoint of the D-Link DIR-822K and DWR-M920 routers. The affected firmware versions are DIR-822K 1.00_20250513164613 and DWR-M920 1.1.50. The vulnerability is caused by the sub_4138B0 function, which uses strcpy to copy the submit-url parameter from incoming requests. strcpy performs no bounds check and the input is not validated, so an oversized submit-url value overwrites the program's stack. Exploitation can lead to application crashes, memory corruption, and potentially arbitrary code execution on the server.
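The class of fix for the flaw described above, as an added example (not the vendor's firmware code and not the decompiled sub_4138B0): the submit-url value is URL-decoded from the form body into a fixed buffer under an explicit bound, and oversized values are rejected instead of being copied with strcpy. The function names, the sample body and the 128-byte buffer size are assumptions; the page does not state the real buffer size.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define SUBMIT_URL_MAX 128 /* assumed; the page does not give the real buffer size */

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Find `name` in an application/x-www-form-urlencoded body and URL-decode its
 * value into dst (never more than dstsize bytes, terminator included).
 * Returns the decoded length, -1 if the field is absent, -2 if the value is
 * malformed or does not fit. Oversized input is rejected, never truncated. */
int get_form_param(const char *body, const char *name, char *dst, size_t dstsize) {
    size_t nlen = strlen(name), out = 0;
    const char *p = body;
    if (dstsize == 0) return -2;
    dst[0] = '\0';
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            for (p += nlen + 1; *p && *p != '&'; p++) {
                int ch = (unsigned char)*p;
                if (ch == '+') ch = ' ';
                else if (ch == '%') {
                    /* short-circuit so a truncated escape never reads past the NUL */
                    int hi = hexval((unsigned char)p[1]);
                    int lo = hi < 0 ? -1 : hexval((unsigned char)p[2]);
                    if (lo < 0) { dst[0] = '\0'; return -2; }
                    ch = hi * 16 + lo;
                    p += 2;
                }
                if (ch == 0 || out + 1 >= dstsize) { dst[0] = '\0'; return -2; }
                dst[out++] = (char)ch;
            }
            dst[out] = '\0';
            return (int)out;
        }
        if ((p = strchr(p, '&')) != NULL) p++; /* advance to the next field */
    }
    return -1;
}

int main(void) {
    char url[SUBMIT_URL_MAX]; /* the body below is a constructed sample */
    int n = get_form_param("wanType=1&submit-url=%2Fwan.htm", "submit-url", url, sizeof url);
    printf("%d %s\n", n, n >= 0 ? url : "(rejected)");
    return 0;
}
```

A handler built on this would answer a -2 result with an error response rather than continue with a truncated URL.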
Impact
Exploitation of this vulnerability causes a buffer overflow, which can be leveraged to execute arbitrary code on the affected device. Additionally, the vulnerability can be exploited to crash the web server process, making the device's management interface unavailable.
Reproduction
The vulnerability can be reproduced by sending a POST request to the /boafrm/formWanConfigSetup endpoint with an oversized submit-url parameter. This can be done using a tool like Burp Repeater. The request must include the webuicookie cookie to simulate an authenticated session.
