TOTOLINK A3002R Buffer Overflow Vulnerability in V4.0.0-B20230531.1404

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the TOTOLINK A3002R router, specifically in firmware version V4.0.0-B20230531.1404. The issue arises from inadequate input validation of the 'routername' parameter within the formDnsv6 interface, which allows an attacker to overflow a fixed-size stack buffer and overwrite critical stack data, such as return addresses.

Impact

Exploitation of this vulnerability can cause the device's web server process to crash. Beyond a crash, the buffer overflow could be leveraged to overwrite the return address or function pointers, potentially allowing arbitrary code execution.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/boafrm/formDnsv6' endpoint. The request must include the 'submit' parameter set to 'Save', the 'enable_dnsv6' parameter set to '1', and a long, malicious payload in the 'routername' parameter. This can be done using a tool like Burp Suite to capture and modify the request.
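
For detection, the request shape described above can be matched in front of the device (reverse proxy, IDS hook, or captured-traffic review). The following is an added example, not code from the advisory or from TOTOLINK; the length limit of 64 bytes is an assumption because the advisory does not state the buffer size, and the sample requests and the '/boafrm/other' path are constructed.

```python
from urllib.parse import parse_qs

ENDPOINT = "/boafrm/formDnsv6"  # endpoint named in the advisory
PARAM = "routername"            # parameter named in the advisory
MAX_LEN = 64                    # assumed limit; the advisory gives no buffer size


def inspect_request(method, path, body, max_len=MAX_LEN):
    """Return a finding dict for an oversized routername value, else None."""
    if method.upper() != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return None
    # latin-1 maps every byte to one character, so the decoded length equals
    # the number of bytes the device would copy, even for non-UTF-8 input.
    text = body.decode("latin-1")
    fields = parse_qs(text, keep_blank_values=True, encoding="latin-1")
    longest = max((len(v) for v in fields.get(PARAM, [])), default=0)
    if longest <= max_len:
        return None
    return {
        "path": ENDPOINT,
        "param": PARAM,
        "length": longest,
        # The advisory's request also sets submit=Save and enable_dnsv6=1.
        "matches_advisory_fields": (fields.get("submit") == ["Save"]
                                    and fields.get("enable_dnsv6") == ["1"]),
    }


# Constructed sample requests: (method, path, body)
SAMPLES = [
    ("POST", "/boafrm/formDnsv6", b"submit=Save&enable_dnsv6=1&routername=home-router"),
    ("POST", "/boafrm/formDnsv6", b"submit=Save&enable_dnsv6=1&routername=" + b"%41" * 300),
    ("GET", "/boafrm/formDnsv6", b""),
    ("POST", "/boafrm/other", b"routername=" + b"A" * 300),  # hypothetical path
]


def scan(samples=SAMPLES):
    """Run inspect_request over each sample and return the findings in order."""
    return [inspect_request(*s) for s in samples]


if __name__ == "__main__":
    for sample, finding in zip(SAMPLES, scan()):
        print(sample[0], sample[1], "->", finding or "ok")
```

The limit should be set to the longest router name legitimately used in the environment; a finding with matches_advisory_fields set to True corresponds to the full request shape in the reproduction description.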

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 7.5
exploitability: 5.8
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.