Linksys RE6250, RE6300, RE6350, RE6500, RE7000, RE9000 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 routers, all running specific firmware versions. The vulnerability arises in the 'addStaProfile' function within the '/goform/addStaProfile' file. Attackers can exploit this issue by manipulating several input parameters, including 'profile_name', 'Ssid', 'wep_key_1', 'wep_key_2', 'wep_key_3', 'wep_key_4', 'wep_key_length', 'wep_default_key', 'cipher', and 'passphrase'. The exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for remote code execution.

Impact

Exploitation of this vulnerability causes the router to crash, disrupting its normal service and functionality.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/addStaProfile' endpoint. The request must include an excessively long 'profile_name' parameter, which will cause the router to crash. This can be done using a web browser or a tool that allows for the manipulation of HTTP requests.