D-Link DIR-632 Stack-Based Buffer Overflow Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in the D-Link DIR-632 router, specifically in the firmware version FW103B08. The issue arises in the HTTP POST request handler, within the function FUN_00425fd8, located in the file /biurl_grou. This vulnerability can be exploited remotely by sending a specially crafted POST request, and it affects a product that is no longer supported by the manufacturer.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, which can commonly be exploited to execute arbitrary code or cause a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a crafted HTTP POST request to the router's /biurl_grou endpoint. The request must be designed to overflow the buffer in the FUN_00425fd8 function, taking advantage of the lack of proper bounds checking.