D-Link DIR-513 Stack-Based Buffer Overflow Vulnerability in Boa Webserver
Vulnerability
A critical stack-based buffer overflow vulnerability has been identified in the D-Link DIR-513 router, specifically in version 1.10. The issue arises within the Boa webserver component, in the 'formSetWanNonLogin' function. The vulnerability is triggered when a remote attacker sends a crafted POST request to the '/goform/formSetWanNonLogin' endpoint. The 'curTime' parameter in the request is not properly validated before being used in a 'sprintf' function call, allowing for the injection of an overly long value that overwrites the stack. This vulnerability affects devices that are no longer supported by D-Link.
Impact
Exploitation of this vulnerability leads to a stack-based buffer overflow, which can commonly result in arbitrary code execution or causing the device to crash.
Reproduction
To reproduce this vulnerability, send a POST request to the '/goform/formSetWanNonLogin' endpoint with an overly long 'curTime' parameter. The Boa webserver will process the request, and the 'sprintf' function will use the 'curTime' value without proper length validation, causing a stack-based buffer overflow.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.