TOTOLINK A702R Buffer Overflow Vulnerability in HTTP POST Request Handler

A critical buffer overflow vulnerability has been identified in the TOTOLINK A702R router, specifically in version 4.0.0-B20230721.1521. The vulnerability arises in the HTTP POST request handler for the route '/boafrm/formOneKeyAccessButton', where the 'submit-url' argument can be manipulated to cause a buffer overflow. This issue can be exploited remotely, potentially leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can commonly lead to arbitrary code execution or a denial-of-service condition. In this case, the vulnerability has been reported to cause a denial-of-service.

Reproduction

The vulnerability can be reproduced by sending a crafted HTTP POST request to the '/boafrm/formOneKeyAccessButton' endpoint. The request must include a 'submit-url' parameter that is manipulated to exceed the buffer size, causing a buffer overflow. This can be done using a variety of tools that allow for the customization of HTTP requests, such as Postman or curl.