D-Link DI-8100 Buffer Overflow Vulnerability in IPsec Network ASP Function

A buffer overflow vulnerability has been identified in the D-Link DI-8100 router running firmware version 16.07.26A1. The issue arises in the IPsec network ASP function, where the 'remot_ip' parameter is improperly handled. The vulnerability allows for a stack overflow by using 'sprintf' to copy unchecked data from 'remot_ip' to a stack variable, potentially leading to a program crash, denial of service, or arbitrary command execution.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to a program crash, creating a denial-of-service condition, or allow for arbitrary command execution on the device.

Reproduction

To reproduce this vulnerability, send a GET request to the '/ipsec_net.asp' endpoint with a crafted 'remot_ip' parameter. The payload should be designed to overflow the buffer by exceeding the expected length, which can be achieved by using a string of repeated characters. Include the necessary headers and cookies to simulate a legitimate request.