D-Link DIR-513 Buffer Overflow Vulnerability in Web Interface

A critical buffer overflow vulnerability has been identified in the D-Link DIR-513 router, specifically in version 1.10. The issue arises in the web interface function 'formSetWanPPPoE', where the 'curTime' parameter is processed without proper length validation. This oversight allows for the injection of excessively long inputs, leading to a stack overflow. The vulnerability can be exploited remotely, potentially causing a denial-of-service condition and, with further exploitation, allowing attackers to gain shell access.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to a denial-of-service condition and potentially allow for remote code execution by gaining shell access on the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/formSetWanPPPoE' endpoint. The request must include a 'curTime' parameter with a payload that exceeds the expected length, bypassing any length checks. This can be done using a web browser or a tool like curl, by specifying the 'curTime' parameter in the request body. The lack of proper input validation will trigger the buffer overflow vulnerability.

Remediation

No official patch or mitigation is available. It is recommended to replace the affected device with a different model.