D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in the D-Link DIR-619L router, specifically in the 2.06B01 firmware version. The issue arises in the 'formdumpeasysetup' function within the file '/goform/formdumpeasysetup'. The vulnerability can be exploited remotely by manipulating the 'curTime' and 'config.save_network_enabled' arguments, potentially leading to arbitrary code execution. This vulnerability affects a product that is no longer supported by the manufacturer.

Impact

Exploitation of this vulnerability allows for a stack-based buffer overflow, which could be used to execute arbitrary code on the affected device.

Reproduction

To reproduce this vulnerability, send a request to the '/goform/formdumpeasysetup' endpoint with crafted 'curTime' and 'config.save_network_enabled' parameters. The input should be sufficiently long to overflow the stack buffer, which could then be exploited to execute arbitrary code.