D-Link DIR-513 Buffer Overflow Vulnerability in Boa Webserver
Vulnerability
A critical stack-based buffer overflow vulnerability has been identified in the D-Link DIR-513 router, specifically in version 1.0. The issue arises within the Boa Webserver component, in the function 'sprintf' of the file '/goform/formLanSetupRouterSettings'. The vulnerability is triggered by manipulating the 'curTime' parameter, leading to a stack-based overflow that can be exploited remotely. This vulnerability affects products that are no longer supported by the maintainer.
Impact
Exploitation of this vulnerability causes a segmentation fault, crashing the Boa process. Additionally, under certain conditions, the buffer overflow can be exploited to execute arbitrary code, potentially allowing an attacker to gain control over the device.
Reproduction
To reproduce this vulnerability, send a POST request to the '/goform/formLanSetupRouterSettings' endpoint. Include an overly long value for the 'curTime' parameter in the request body. The lack of input length validation will allow the buffer overflow to occur, overwriting the return address on the stack.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.