D-Link DIR-823G
cpe:2.3:h:d-link:dir-823g:*:*:*:*:*:*:*
- A1V1.0.2B05
A stack-based buffer overflow vulnerability has been identified in the D-Link DIR-823G A1 v1.0.2B05 router. The issue arises in the handling of the FillMacCloneMac parameter of the /EXCU_SHELL endpoint, which accepts excessive data. It is triggered during HTTP request processing: when the Command1 header carries overly large input, string concatenation overflows a stack buffer, leading to a denial-of-service condition.
Exploitation of this vulnerability leads to a denial-of-service condition, causing the device to become unresponsive or unavailable.
The vulnerability can be reproduced by sending an HTTP POST request to the /EXCU_SHELL endpoint. The request must include the Command1 header, which should be set to 'FillMacCloneMac' followed by a large payload of repeated characters to overflow the buffer. The response can be monitored for the status code and any returned text to confirm the exploitation attempt.
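The root cause described above is a string concatenation into a fixed stack buffer with no length check. The following C code is an added example, not D-Link firmware code, showing the bounded form of that operation for a defender reviewing similar handlers. The buffer size, the `clone_mac ` prefix, and the assumption that the value is a MAC address are all hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CMD_BUF_LEN 64  /* assumed size of the fixed stack buffer */
/* Unsafe pattern of the kind described above (comment only, not compiled):
 *     char cmd[CMD_BUF_LEN];
 *     strcpy(cmd, prefix);
 *     strcat(cmd, header_value);   // header_value length is never checked
 */

/* Assumption: the value is a MAC address of the form "aa:bb:cc:dd:ee:ff". */
static int is_mac(const char *s)
{
    if (strlen(s) != 17)
        return 0;
    for (int i = 0; i < 17; i++) {
        int ok = (i % 3 == 2) ? (s[i] == ':') : isxdigit((unsigned char)s[i]);
        if (!ok)
            return 0;
    }
    return 1;
}

/* Bounded concatenation. Returns 0 on success, -1 if the value is rejected
 * or the result would not fit; on failure out is left as an empty string. */
int build_command(char *out, size_t out_len, const char *prefix, const char *value)
{
    if (out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';
    if (prefix == NULL || value == NULL || !is_mac(value))
        return -1;
    int n = snprintf(out, out_len, "%s%s", prefix, value);
    if (n < 0 || (size_t)n >= out_len) {  /* truncated: refuse, do not use */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char cmd[CMD_BUF_LEN], big[4096];    /* big: constructed oversized input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("valid: %d\n", build_command(cmd, sizeof cmd, "clone_mac ", "00:11:22:33:44:55"));
    printf("oversized: %d\n", build_command(cmd, sizeof cmd, "clone_mac ", big));
    return 0;
}
```

The format check rejects the oversized value before any copy happens, and the `snprintf` return-value check catches the case where a valid value still does not fit the destination.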