TOTOLINK A950RG Buffer Overflow Vulnerability in URL Filter Rules Interface Allowing Arbitrary Code Execution or Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in the TOTOLINK A950RG router, specifically in firmware version V4.1.2cu.5204_B20210112. The issue arises in the 'setUrlFilterRules' interface of '/lib/cste_modules/firewall.so', where the 'url' parameter is inadequately validated for length. This flaw enables remote attackers to exploit the buffer overflow, potentially leading to arbitrary code execution or a denial-of-service condition.

Impact

Exploitation of this vulnerability can cause a denial-of-service condition or allow for arbitrary code execution on the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/cgi-bin/cstecgi.cgi' with a crafted 'url' parameter that exceeds the buffer's length limit. Any HTTP client that allows request parameters to be manipulated can be used for this, such as a custom script or a tool like Postman.
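
A defender-side check for the request described above, as an added example that is not part of the original advisory or of TOTOLINK's code: it scans recorded HTTP requests for POSTs to '/cgi-bin/cstecgi.cgi' that name 'setUrlFilterRules' and carry an oversized 'url' value. The 128-byte limit, the record layout, the 'op' key and the sample requests are assumptions; the advisory does not state the buffer size or the body format.

```python
import json
from urllib.parse import parse_qs

ENDPOINT = "/cgi-bin/cstecgi.cgi"   # endpoint named in the advisory
INTERFACE = "setUrlFilterRules"     # interface named in the advisory
MAX_URL_LEN = 128                   # assumed policy limit, not the real buffer size

def extract_url_param(body):
    """Return the 'url' parameter of a JSON or form-encoded body, or None."""
    try:
        doc = json.loads(body)
        if isinstance(doc, dict) and "url" in doc:
            return str(doc["url"])
    except ValueError:
        pass  # not JSON: fall through to form decoding
    fields = parse_qs(body, keep_blank_values=True)
    return fields["url"][0] if "url" in fields else None

def flag_requests(records, max_len=MAX_URL_LEN):
    """Return (source, length, reason) for each suspicious request."""
    alerts = []
    for rec in records:
        path = rec["path"].split("?", 1)[0]
        if rec["method"] != "POST" or path != ENDPOINT or INTERFACE not in rec["body"]:
            continue
        url = extract_url_param(rec["body"])
        if url is None:
            # Malformed or truncated body: judge the whole body so it cannot slip past.
            if len(rec["body"]) > max_len:
                alerts.append((rec["src"], len(rec["body"]), "unparsed-body"))
        elif len(url.encode("utf-8", "replace")) > max_len:
            alerts.append((rec["src"], len(url.encode("utf-8", "replace")), "oversized-url"))
    return alerts

# Constructed sample records (not captured traffic); "op" is a hypothetical key name.
SAMPLE = [
    {"src": "192.0.2.10", "method": "POST", "path": ENDPOINT,
     "body": json.dumps({"op": INTERFACE, "url": "example.com"})},
    {"src": "192.0.2.66", "method": "POST", "path": ENDPOINT,
     "body": json.dumps({"op": INTERFACE, "url": "x" * 600})},
    {"src": "192.0.2.67", "method": "POST", "path": ENDPOINT,
     "body": "op=" + INTERFACE + "&url=" + "x" * 300},
    {"src": "192.0.2.68", "method": "POST", "path": ENDPOINT,
     "body": '{"op":"' + INTERFACE + '","url":"' + "x" * 400},  # truncated JSON
    {"src": "192.0.2.11", "method": "GET", "path": "/index.html", "body": ""},
]

if __name__ == "__main__":
    for alert in flag_requests(SAMPLE):
        print(alert)
```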

Added: Feb 3, 2026, 6:40 PM
Updated: Feb 3, 2026, 6:40 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 7.5
exploitability: 9.1
remediation: 0.0
relevance: 2.5
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.