D-Link DIR-513 Stack-Based Buffer Overflow Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in the D-Link DIR-513 router, affecting firmware versions through 1.10. The issue arises in the HTTP POST request handler, specifically within the 'formSetWanL2TPcallback' function of the '/goform/formSetWanL2TPtriggers' file. The vulnerability can be exploited remotely, potentially leading to a denial-of-service condition or, with further exploitation, unauthorized shell access.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can disrupt the normal operation of the device and potentially allow for remote code execution.

Reproduction

The vulnerability can be reproduced by sending a crafted POST request to the '/goform/formSetWanL2TP' endpoint. The request must include an oversized 'curTime' parameter, which is not properly validated before being processed. This causes a stack overflow that can crash the device or, with additional exploitation, provide shell access.

Remediation

It is recommended to add length validation for the 'curTime' parameter in the 'formSetWanL2TP' function to prevent buffer overflow.