Linksys RE6250, RE6300, RE6350, RE6500, RE7000, RE9000 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 routers, all running specific firmware versions. The vulnerability arises in the 'scheduleAdd' function, where the 'ruleName' parameter is not properly validated, allowing remote attackers to manipulate the input and overflow the stack. This exploitation can lead to arbitrary code execution.

Impact

Exploitation of this vulnerability causes the router to crash, disrupting its normal service and functionality.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/scheduleAdd' endpoint. The 'ruleName' parameter must be filled with a payload that exceeds the buffer limit, such as a long string of characters. This unvalidated input will overwrite the return address on the stack, causing a buffer overflow.