D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in the D-Link DIR-619L router running firmware version 2.06B01. The issue is in the 'formAdvanceSetup' function behind '/goform/formAdvanceSetup': a manipulated 'webpage' argument overflows a buffer on the stack. The vulnerability can be exploited remotely, causing the router to crash and disrupting normal service. The flaw is particularly concerning because overwriting the function's return address allows arbitrary code execution.

Impact

Exploitation of this vulnerability crashes the router, disrupting services and resulting in a persistent denial-of-service condition.

Reproduction

To reproduce this vulnerability, send a POST request to '/goform/formAdvanceSetup' with a 'webpage' parameter that contains a long string. The excessive length of the input will cause a stack overflow by overwriting the return address, leading to a crash of the router.
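
One way to watch for the request described above from the defensive side, as an added example that is not part of the original advisory: it inspects raw HTTP requests (for instance from a reverse proxy or a packet capture) and flags POSTs to '/goform/formAdvanceSetup' whose 'webpage' value exceeds a limit. The 128-character threshold, the '/goform/other' path and all sample requests are assumptions constructed for illustration.

```python
"""Flag POSTs to /goform/formAdvanceSetup whose 'webpage' value is oversized."""
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/goform/formAdvanceSetup"  # endpoint named in the advisory
PARAM = "webpage"                         # parameter named in the advisory
MAX_LEN = 128  # ASSUMPTION: alert threshold; the advisory states no buffer size


def inspect_request(raw: bytes, max_len: int = MAX_LEN):
    """Return a finding dict for an oversized PARAM value, else None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split()
    if len(parts) < 2 or parts[0].upper() != "POST":
        return None
    url = urlsplit(parts[1])
    if url.path.rstrip("/") != TARGET_PATH:
        return None
    # Form fields normally arrive in the body; the query string is checked too,
    # as a conservative choice. Lengths are measured after percent-decoding.
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    for key, values in parse_qs(url.query, keep_blank_values=True).items():
        fields.setdefault(key, []).extend(values)
    longest = max((len(v) for v in fields.get(PARAM, [])), default=0)
    if longest > max_len:
        return {"path": url.path, "param": PARAM, "length": longest}
    return None


def _post(path: str, body: str) -> bytes:
    """Build a constructed raw HTTP request for the samples below."""
    return (f"POST {path} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")


# Constructed sample traffic (not captured from a real device).
SAMPLES = {
    "benign": _post(TARGET_PATH, "webpage=example.asp&enabled=1"),
    "oversized": _post(TARGET_PATH, "enabled=1&webpage=" + "A" * 600),
    "encoded": _post(TARGET_PATH, "webpage=" + "%41" * 100),
    "other_path": _post("/goform/other", "webpage=" + "A" * 600),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10} -> {inspect_request(raw)}")
```

Tune the threshold against the longest 'webpage' value seen in legitimate management traffic before alerting on it.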

Added: Jun 25, 2025, 8:09 PM
Updated: Jun 25, 2025, 8:09 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 6.2
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.