Shenzhen Libituo Technology LBT-T300-T310 Buffer Overflow Vulnerability in WAN Protocol Handling

A critical buffer overflow vulnerability has been identified in the Shenzhen Libituo Technology LBT-T300-T310 router, specifically in version 2.2.3.6. The issue arises in the 'at/appy.cgi' file, within the 'sub_40B6F0' function. The vulnerability is triggered by manipulating the 'wan_proto' parameter, which lacks proper data length validation. This oversight allows for a buffer overflow that can be exploited remotely.

Impact

Exploitation of this vulnerability leads to a buffer overflow, which can commonly result in arbitrary code execution or causing the device to crash.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/apply.cgi' endpoint. The request must include a 'wan_proto' parameter with a payload that exceeds the buffer length, bypassing any length restrictions. Additional parameters related to WAN configuration can also be included, but the key element for triggering the vulnerability is the 'wan_proto' parameter with an excessively long value.