TOTOLINK A3002R Buffer Overflow Vulnerability in HTTP POST Request Handler

A critical buffer overflow vulnerability has been identified in the TOTOLINK A3002R router, specifically in version 4.0.0-B20230531.1404. The issue arises within an unknown function of the file '/boafrm/formSysLog', related to the HTTP POST request handling. The vulnerability is triggered by manipulating the 'submit-url' argument, allowing for remote exploitation. This buffer overflow could potentially be exploited to execute arbitrary code or cause a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a buffer overflow, which can commonly result in arbitrary code execution or causing the device to crash, creating a denial-of-service condition.

Reproduction

To reproduce this vulnerability, send a malicious HTTP POST request to the '/boafrm/formSysLog' endpoint, including a crafted 'submit-url' argument that exceeds the buffer size limitations. This can be done using tools like curl or Postman, or through a custom script that automates the process.