Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 Stack-Based Buffer Overflow Vulnerability in DisablePasswordAlertRedirect Function

A stack-based buffer overflow vulnerability has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 routers running specific firmware versions. The vulnerability arises in the DisablePasswordAlertRedirect function, where the 'hint' parameter is not properly validated, allowing remote attackers to manipulate the input and overflow the stack. This exploitation can lead to arbitrary code execution. The vulnerability causes the router to crash, disrupting service availability.

Impact

Exploitation of this vulnerability causes the router to crash, leading to a persistent denial of service.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/DisablePasswordAlertRedirect endpoint with an excessively long 'hint' parameter. This unvalidated input overloads the stack, overwriting the return address and causing a buffer overflow, which can be exploited to execute arbitrary code.