Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 routers, all running specific firmware versions. The vulnerability arises in the 'check_port_conflict' function within the file '/goform/check_port_conflict'. Remote attackers can exploit this issue by manipulating the 'single_port_rule' or 'port_range_rule' arguments, leading to a buffer overflow that could be used to execute arbitrary code. This vulnerability has been publicly disclosed, with an exploit available.

Impact

Exploitation of this vulnerability causes the router to crash, disrupting its normal service and functionality.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/goform/check_port_conflict' with an excessively long 'single_port_rule' value. This overloads the stack, causing a buffer overflow that crashes the router.