D-Link DIR-816 Stack-Based Buffer Overflow Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in the D-Link DIR-816 router, specifically in the 1.10CNB05 firmware version. The issue arises in the 'qosClassifier' function within the file '/goform/qosClassifier', where the 'dip_address' and 'sip_address' parameters are vulnerable to manipulation. This vulnerability allows remote attackers to cause a denial of service by crashing the router, with the potential for arbitrary code execution. The vulnerability exists in a product that is no longer supported by the manufacturer.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, causing the router to crash and disrupt normal service. This type of buffer overflow can often be exploited to execute arbitrary code.

Reproduction

To reproduce this vulnerability, send a POST request to '/goform/qosClassifier' with the 'sip_address' parameter containing a long string. The router will crash, indicating successful exploitation.