D-Link DI-8100 Stack-Based Buffer Overflow Vulnerability in jhttpd UPnP Control ASP

A critical stack-based buffer overflow vulnerability has been identified in the D-Link DI-8100 router, specifically in version 1.0. The issue arises in the jhttpd component within the UPnP control ASP file. The vulnerability is triggered by manipulating the remove_ext_proto or remove_ext_port parameters with excessively long strings, which the sprintf function improperly handles. This exploitation can be initiated remotely, potentially leading to arbitrary code execution.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can allow for arbitrary code execution on the affected device.

Reproduction

To reproduce this vulnerability, send a crafted UPnP control request to the D-Link DI-8100 router that includes overly long strings in the remove_ext_proto or remove_ext_port parameters. The jhttpd component will process the request, and the sprintf function will inadvertently create a buffer overflow by writing the excessive data into the stack.