TOTOLINK A702R Buffer Overflow Vulnerability in HTTP POST Request Handler

A critical buffer overflow vulnerability has been identified in the TOTOLINK A702R router, specifically in version 4.0.0-B20230721.1521. The vulnerability arises in the HTTP POST request handler for the file '/boafrm/formIpQoS', where the 'mac' argument can be manipulated to cause a buffer overflow. This issue can be exploited remotely, potentially leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can commonly lead to arbitrary code execution or a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a crafted HTTP POST request to the '/boafrm/formIpQoS' endpoint. The request must include a 'mac' argument with a payload that exceeds the buffer's capacity, causing a buffer overflow. This can be done using tools like Burp Suite or by writing a custom script that sends the appropriate HTTP request.