TOTOLINK NR1800X Stack Overflow Vulnerability in WiFi Configuration

A stack overflow vulnerability has been identified in the TOTOLINK NR1800X router, specifically in version V9.1.0u.6681_B20230703. The vulnerability arises in the setWiFiEasyCfg function, where the ssid5g parameter is processed without proper length validation. This oversight allows authenticated users to send excessively long SSID values, leading to a buffer overflow condition.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can potentially be leveraged to execute arbitrary code or cause a denial-of-service condition by crashing the device.

Reproduction

To reproduce this vulnerability, send a POST request to the '/cgi-bin/cstecgi.cgi' endpoint with an excessively long 'ssid' and 'ssid5g' parameter. The request must include a valid 'token' in the header. This can be done using a tool like Burp Suite.