Linksys Extenders Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 extenders, all running specific firmware versions. The vulnerability arises in the 'setPWDbyBBS' function within the '/goform/setPWDbyBBS' file, where the 'hint' argument is manipulated, leading to a stack overflow. This issue can be exploited remotely, causing the device to crash and disrupt service. The vulnerability is critical, with an available public exploit.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for arbitrary code execution. The vulnerable extenders crash and fail to provide services correctly and persistently.

Reproduction

To reproduce this vulnerability, send a POST request to '/goform/setPWDbyBBS' with a 'hint' parameter that exceeds the buffer limit. The request should include a valid session cookie. The extender will crash, demonstrating the buffer overflow.