Linksys E1700 Stack-Based Buffer Overflow Vulnerability in QoS Setup Function

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Linksys E1700 router running firmware version 1.0.0.4.003. The flaw is in the QoSSetup function of the file /goform/QoSSetup, which does not validate the ack_policy parameter. A remote attacker can manipulate this parameter to overwrite the stack, potentially leading to arbitrary code execution. Exploitation of this vulnerability causes the router to crash, disrupting its normal service.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, causing the router to crash and fail to provide services correctly and persistently.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/QoSSetup endpoint. The request must include a long string in the ack_policy parameter, which will overflow the buffer and crash the router. This can be done using a web browser or a tool like curl, with the appropriate headers and authorization.
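A defender-side check for the request shape described above, added here as an example (it is not code from the advisory or from Linksys): it inspects a raw HTTP request and flags an overlong ack_policy value sent to /goform/QoSSetup. The 32-byte limit, the sample requests and the function name are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

TARGET_PATH = "/goform/QoSSetup"
PARAM = "ack_policy"
# Assumption: legitimate values are short tokens. 32 is a constructed limit;
# tune it against traffic from your own devices.
MAX_VALUE_LEN = 32


def inspect_request(raw: bytes) -> list:
    """Return findings for one raw HTTP/1.x request (empty list if clean)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    fields = request_line.split(" ")
    if len(fields) != 3:
        return []  # not a well-formed request line
    method, target, _version = fields
    url = urlsplit(target)
    if url.path.rstrip("/") != TARGET_PATH:
        return []
    # Form fields can arrive in the query string or the body; check both.
    # latin-1 maps each percent-decoded byte to one character, so len()
    # is the byte count the device-side handler would receive.
    pairs = parse_qsl(url.query, keep_blank_values=True, encoding="latin-1")
    pairs += parse_qsl(body.decode("latin-1"), keep_blank_values=True,
                       encoding="latin-1")
    findings = []
    for name, value in pairs:
        if name == PARAM and len(value) > MAX_VALUE_LEN:
            findings.append(f"{method} {url.path}: {PARAM} is {len(value)} "
                            f"bytes (limit {MAX_VALUE_LEN})")
    return findings


# Constructed sample requests (host and values are illustrative only).
_HEAD = (b"POST /goform/QoSSetup HTTP/1.1\r\nHost: 192.168.1.1\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n\r\n")
BENIGN = _HEAD + b"ack_policy=1"
OVERLONG = _HEAD + b"ack_policy=" + b"A" * 200
ENCODED = _HEAD + b"ack_policy=" + b"%41" * 100  # percent-encoded form
OTHER_PATH = OVERLONG.replace(b"/goform/QoSSetup", b"/index.html", 1)

if __name__ == "__main__":
    for sample in (BENIGN, OVERLONG, ENCODED, OTHER_PATH):
        print(inspect_request(sample))
```

The same length check can run in a reverse proxy or over captured traffic in front of the router's management interface.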

Added: Aug 27, 2025, 2:24 PM
Updated: Aug 27, 2025, 2:24 PM

Vulnerability Rating

Custom Algorithm

Spread: 5.7
Impact: 7.5
Exploitability: 5.8
Remediation: 0.0
Relevance: 0.4
Threat: 6.4
Urgency: 2.9
Incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.