Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Edimax AC1200 Wave 2 Dual-Band Gigabit Router, specifically in the BR-6478AC V3 model running firmware version 1.0.15. The vulnerability arises in the 'formWsc' function, where the 'peerPin' parameter can be manipulated to cause a stack overflow.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, which can commonly result in arbitrary code execution or causing the device to crash.

Reproduction

To reproduce this vulnerability, log into the router's web interface using the default credentials (username: admin, password: 1234). After logging in, navigate to the 'WPS' settings page. Once there, send a POST request to the 'formWsc' endpoint with a crafted 'peerPin' parameter that is excessively long, such as 400 characters. This will trigger the stack overflow by overwriting the return address on the stack.