TOTOLINK A3002R Buffer Overflow Vulnerability in Boa Web Server Allowing Denial-of-Service

A buffer overflow vulnerability has been identified in the TOTOLINK A3002R router, specifically in version 4.0.0-B20230531.1404. The issue arises in the Boa web server, where the 'url' parameter of the 'formFilter' endpoint lacks proper length validation. This oversight allows attackers to inject crafted input, leading to a buffer overflow condition. Exploitation of this vulnerability causes the web server to crash, making the router's web interface unavailable.

Impact

Exploitation of this vulnerability causes the Boa web server to crash, disrupting access to the router's web interface.

Reproduction

The vulnerability can be reproduced by sending a POST request to the 'formFilter' endpoint with a 'url' parameter that contains an excessive amount of data, such as a long string of characters. This input bypasses the lack of length validation, causing a buffer overflow. The issue can be simulated in an environment with ASLR disabled, using a Python script to automate the injection of the malicious payload.