TOTOLINK A7000R Stack Overflow Vulnerability Leading to Denial-of-Service

A stack overflow vulnerability has been identified in the TOTOLINK A7000R router, specifically in version 9.1.0u.6115_B20201022. The issue arises in the sub_421A04 function, where the wifiOff parameter can be manipulated to bypass input length restrictions. This flaw allows attackers to craft requests that cause a buffer overflow, overwriting adjacent stack data or the return address, and ultimately leading to a denial-of-service condition by causing the device to crash and fail to provide services properly.

Impact

Exploitation of this vulnerability causes the router to crash, disrupting its normal service and causing a persistent failure to function correctly.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /cgi-bin/cstecgi.cgi endpoint. The request must include a crafted ssid parameter that is excessively long, along with the wifiOff parameter set to '0'. This can be done using a tool like QEMU to emulate the router's firmware or by testing on a real device.