Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 routers, all running specific firmware versions. The vulnerability arises in the 'urlFilterManageRule' function of the '/goform/urlFilterManageRule' file, where the 'urlFilterRuleName', 'scheduleUrl', and 'addURLFilter' parameters are not properly validated. This lack of input sanitization allows remote attackers to manipulate these arguments, leading to a buffer overflow that could potentially be exploited to execute arbitrary code.

Impact

Exploitation of this vulnerability causes the router to crash, disrupting its normal service and functionality.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/urlFilterManageRule' endpoint. The request must include excessively long data in the 'urlFilterRuleName' parameter, which will cause the router to crash. This can be done using a web browser or a tool that allows for the manipulation of HTTP request data.