D-Link DIR-665 Stack-Based Buffer Overflow Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in the D-Link DIR-665 router, specifically in version 1.00. The issue arises in the HTTP POST request handler, within a function called sub_AC78. The vulnerability can be exploited remotely by sending a specially crafted POST request that exceeds the buffer's capacity, leading to arbitrary code execution.

Impact

Exploitation of this vulnerability allows for a stack-based buffer overflow, which can commonly lead to arbitrary code execution.

Reproduction

The vulnerability can be reproduced by sending a POST request to the router that includes a payload designed to overflow the buffer in the sub_AC78 function. This can be done using a Python script that connects to the router's web server, sends the crafted request, and then receives the response.