TOTOLink A7000R Stack Overflow Vulnerability in SSID Parameter Leading to Denial-of-Service

A stack overflow vulnerability has been identified in the TOTOLink A7000R router, specifically in version V9.1.0u.6115_B20201022. The issue arises in the 'urldecode' function, where the 'ssid' parameter is processed without proper length validation. This flaw allows attackers to send crafted requests that cause a buffer overflow, overwriting adjacent stack data or the return address. The exploitation of this vulnerability results in a Denial-of-Service (DoS) condition, causing the router to crash and fail to provide services correctly.

Impact

Exploitation of this vulnerability causes the router to crash, leading to a persistent Denial-of-Service condition where the device cannot provide services correctly.

Reproduction

To reproduce this vulnerability, boot the router firmware on a QEMU virtual machine or a real device. Then, send a POST request to '/cgi-bin/cstecgi.cgi' with a crafted 'ssid' parameter that exceeds the buffer size. The router will crash, demonstrating the Denial-of-Service condition.