TOTOLINK A702R Buffer Overflow Vulnerability in HTTP POST Request Handler

A critical buffer overflow vulnerability has been identified in the TOTOLINK A702R router, specifically in version 4.0.0-B20230721.1521. The vulnerability resides within the HTTP POST request handler, in the file '/boafrm/formPortFw'. It is triggered by manipulating the 'service_type' argument, which leads to a stack-based buffer overflow. This vulnerability can be exploited remotely, and a public proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to arbitrary code execution or a denial-of-service condition on the device.

Reproduction

The vulnerability can be reproduced by sending a crafted HTTP POST request to the '/boafrm/formPortFw' endpoint. The request must include a 'service_type' argument filled with excessive data, exceeding the buffer's capacity. This can be done using tools like curl or Postman, or through a simple script that automates the process.