TOTOLink A7000R
cpe:2.3:h:totolink:a7000r:*:*:*:*:*:*:*
- 9.1.0u.6115_B20201022
A stack overflow vulnerability has been identified in the TOTOLINK A7000R router, specifically in version 9.1.0u.6115_B20201022. The issue arises in the 'urldecode' function, which processes the 'ssid5g' parameter without proper length validation. Attackers can send crafted requests that overflow the buffer, overwriting adjacent stack data or the return address, and the result is a denial-of-service condition: the router crashes and fails to provide services correctly.
Exploitation crashes the router, disrupting its normal service and leaving it persistently unable to function correctly.
The vulnerability can be reproduced by sending a POST request to '/cgi-bin/cstecgi.cgi' with an excessively long 'ssid5g' parameter. This can be done against the firmware emulated with a tool like QEMU or against a real device. The long 'ssid5g' value in the crafted request triggers the stack overflow by overwriting the return address on the stack.
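The missing length validation described above is closed by a decoder that is told the size of its destination and refuses input that does not fit. The following C sketch is an added example, not TOTOLINK firmware code: `urldecode_bounded`, `parse_ssid5g` and the 32-byte `SSID_MAX` (the 802.11 SSID limit) are assumptions, since the page does not state the firmware's real buffer size or function signature.

```c
#include <ctype.h>
#include <stddef.h>

/* Added illustration; names and sizes are assumptions, not vendor code. */
#define SSID_MAX 32 /* 802.11 limits an SSID to 32 bytes */

static int hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = (unsigned char)tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/*
 * Percent-decode src into dst, which holds dst_size bytes including the NUL.
 * Returns the decoded length, or -1 (with dst emptied) when the result would
 * not fit, an escape is malformed, or an escape decodes to an embedded NUL.
 */
int urldecode_bounded(const char *src, char *dst, size_t dst_size)
{
    size_t out = 0;
    if (src == NULL || dst == NULL || dst_size == 0) return -1;
    while (*src != '\0') {
        unsigned char c = (unsigned char)*src;
        if (c == '%') {
            /* src[2] is only read when src[1] was a hex digit, so the
             * read never runs past the terminating NUL of src. */
            int hi = hexval((unsigned char)src[1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)src[2]);
            if (hi < 0 || lo < 0) { dst[0] = '\0'; return -1; }
            c = (unsigned char)((hi << 4) | lo);
            src += 3;
        } else {
            if (c == '+') c = ' ';
            src++;
        }
        /* Check the bound before every write, not once after the loop. */
        if (c == '\0' || out + 1 >= dst_size) { dst[0] = '\0'; return -1; }
        dst[out++] = (char)c;
    }
    dst[out] = '\0';
    return (int)out;
}

/* Hypothetical handler step: decode ssid5g into a fixed-size buffer. */
int parse_ssid5g(const char *raw, char out[SSID_MAX + 1])
{
    return urldecode_bounded(raw, out, SSID_MAX + 1);
}
```

A handler that gets -1 back should reject the request rather than truncate the value and continue.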