D-Link DI-8100
cpe:2.3:h:dlink:di-8100:*:*:*:*:*:*:*
- 16.07.21
A critical buffer overflow vulnerability has been identified in the D-Link DI-8100 router, specifically in version 16.07.21. The issue arises within the jhttpd component, in the file '/pppoe_base.asp'. The vulnerability is triggered by manipulating the 'mschap_en' argument, leading to a stack-based overflow. This vulnerability can be exploited remotely, and a public exploit is available.
Exploitation of this vulnerability causes a buffer overflow, which can lead to arbitrary code execution or a denial-of-service condition by crashing the jhttpd process.
The vulnerability can be reproduced by sending a crafted HTTP GET request to the '/pppoe_base.asp' endpoint. The request must include the 'mschap_en' parameter, set to a value longer than the expected buffer size, which overflows the stack buffer. This can be done after logging in with valid credentials, as the 'jhttpd' process must be running for exploitation to succeed.
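A defender-side check for the request pattern described above, as an added example that is not part of the original advisory: it scans web or proxy access logs for requests to '/pppoe_base.asp' whose 'mschap_en' value is unusually long. The combined log format, the 64-character threshold (the page does not state the buffer size) and the sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the advisory gives no buffer size. A legitimate value for this
# parameter is expected to be short, so anything longer than this is flagged.
MAX_VALUE_LEN = 64
TARGET_PATH = "/pppoe_base.asp"
PARAM = "mschap_en"

# Source address and request target from a combined-log-format line.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample input (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /pppoe_base.asp?mschap_en=1 HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Jan/2025:10:00:05 +0000] "GET /pppoe_base.asp?mschap_en=' + "A" * 300 + ' HTTP/1.1" 200 0',
    '192.0.2.78 - - [01/Jan/2025:10:00:07 +0000] "GET /PPPOE_BASE.ASP?x=1&mschap_en=' + "%41" * 100 + ' HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Jan/2025:10:00:09 +0000] "GET /index.asp?mschap_en=' + "A" * 300 + ' HTTP/1.1" 200 90',
]

def suspicious_requests(log_lines, max_len=MAX_VALUE_LEN):
    """Return (source, decoded_value_length) for each overlong mschap_en value."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        url = urlsplit(m.group("target"))
        # Compare case-insensitively so a re-cased path is not missed.
        if url.path.lower() != TARGET_PATH:
            continue
        # parse_qs percent-decodes values, so the length checked is the
        # decoded one; repeated parameters are all inspected.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get(PARAM, []):
            if len(value) > max_len:
                hits.append((m.group("src"), len(value)))
    return hits

if __name__ == "__main__":
    for src, length in suspicious_requests(SAMPLE_LOG):
        print(f"ALERT {src}: {PARAM} length {length} on {TARGET_PATH}")
```

Because the request is made from an authenticated session, a hit is also a reason to review which account or session issued it.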