D-Link DIR-816 Stack-Based Buffer Overflow Vulnerability

Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in the D-Link DIR-816 router, specifically in firmware version 1.10CNB05. The issue is in the file '/goform/form2lansetup.cgi': manipulating the 'ip' argument leads to a stack-based buffer overflow. The vulnerability can be exploited remotely without authentication, causing the router to crash and disrupting service. It affects products that are no longer supported by the maintainer.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for arbitrary code execution. The vulnerability causes the router to crash, disrupting services and causing a persistent denial of service.

Reproduction

To reproduce this vulnerability, send a POST request to '/goform/form2lansetup.cgi' with an overly long 'ip' parameter. The router will crash, demonstrating the buffer overflow.
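Because the affected product is no longer supported, filtering or alerting in front of the device is a practical compensating control. The following check is an added example, not code from the advisory or from D-Link: it inspects a raw HTTP request and flags a POST to '/goform/form2lansetup.cgi' whose 'ip' field is longer than a dotted-quad IPv4 address or does not parse as one. The function name, the findings text and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import parse_qs

TARGET_PATH = "/goform/form2lansetup.cgi"  # endpoint named in the advisory
MAX_IPV4_TEXT = 15                          # len("255.255.255.255")

def inspect_request(raw: bytes) -> list[str]:
    """Return findings for one raw HTTP request; an empty list means clean."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) < 2:
        return ["malformed request line"]
    method, target = parts[0], parts[1]
    path, _, query = target.partition("?")
    if method.upper() != "POST" or path != TARGET_PATH:
        return []  # exact path match only; other endpoints are out of scope
    # Collect 'ip' from both the query string and the urlencoded body.
    values = []
    for blob in (query, body.decode("latin-1")):
        values += parse_qs(blob, keep_blank_values=True).get("ip", [])
    findings = []
    if len(values) > 1:
        findings.append("duplicate ip parameter")
    for value in values:
        if len(value) > MAX_IPV4_TEXT:
            findings.append(f"ip value too long ({len(value)} chars)")
            continue
        try:
            ipaddress.IPv4Address(value)
        except ValueError:
            findings.append("ip value is not a dotted-quad IPv4 address")
    return findings

# Constructed sample requests (not captured traffic).
HEADERS = (b"POST /goform/form2lansetup.cgi HTTP/1.1\r\n"
           b"Host: 192.168.0.1\r\n"
           b"Content-Type: application/x-www-form-urlencoded\r\n\r\n")
BENIGN = HEADERS + b"ip=192.168.0.1"
OVERSIZED = HEADERS + b"ip=" + b"A" * 600

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(name, inspect_request(req) or "clean")
```

The same length and format test can be expressed as a rule in a reverse proxy or IDS placed in front of the router's management interface.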

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 9.1
remediation: 0.0
relevance: 0.2
threat: 6.5
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.