D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in the D-Link DIR-619L router running firmware version 2.06B01. The issue arises in the 'form_portforwarding' function of the '/goform/form_portforwarding' file, where the 'ingress_name_%d', 'sched_name_%d', and 'name_%d' arguments can be manipulated. This vulnerability allows remote attackers to execute arbitrary code by overwriting the stack with specially crafted input. The router's lack of support from the manufacturer further exacerbates the risk.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected device.

Reproduction

To reproduce this vulnerability, send a request to the '/goform/form_portforwarding' endpoint with overly long values for the 'ingress_name_%d', 'sched_name_%d', and 'name_%d' parameters. The excessive length of the input will cause a stack-based buffer overflow, potentially leading to arbitrary code execution.