TOTOLINK N150RT Buffer Overflow Vulnerability in VLAN Configuration

A critical buffer overflow vulnerability has been identified in the TOTOLINK N150RT router, specifically in the V2_Firmware version 3.4.0-B20190525. The issue arises in the '/boafrm/formVlan' file, where the 'submit-url' parameter can be manipulated, leading to a buffer overflow. This vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, where the device becomes unresponsive and the web server is no longer accessible.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/boafrm/formVlan' endpoint with a crafted 'submit-url' parameter that exceeds the buffer size, causing a buffer overflow. This can be done using a tool like Burp Suite. After sending the request, the device's web server will become unresponsive, indicating successful exploitation.