WINSTAR WN572HP3 Heap Overflow Vulnerability in upload.cgi

A heap overflow vulnerability has been identified in the WINSTAR WN572HP3 router, specifically in the Lighttpd web service component of the v230525 firmware. The issue arises in the upload.cgi script, which fails to properly validate the size of the heap buffer requested by the malloc function. This vulnerability can be exploited by sending a malicious HTTP request with an excessive Content-Length value, leading to a program crash.

Impact

Exploitation of this vulnerability causes the program to crash, indicating a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending an HTTP request to the upload.cgi script with a Content-Length value set to a very large number, such as 2147483632. This can be done by using a tool that allows for the manipulation of HTTP headers, such as a custom script or a web application testing tool. Additionally, the HTTP_COOKIE header must be set to a string starting with 'token=' to trigger the vulnerability.