TRENDnet TEW-432BRP
- 3.10B20
A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue is in the 'formSetRoute' function, which handles requests to '/goform/formSetRoute': the 'ip', 'mask', and 'gateway' parameters are not properly validated. Because of this lack of input sanitization, excessive data sent in these parameters overwrites the return address on the stack, potentially leading to arbitrary code execution. The vulnerability can be exploited remotely.
Exploitation of this vulnerability causes the router to crash, disrupting its normal service and functionality.
The vulnerability can be reproduced by sending a POST request to '/goform/formSetRoute' with overly long 'ip' parameter data. This can be done using a web browser or a tool like curl, ensuring that the 'Content-Type' is set to 'application/x-www-form-urlencoded'. The request must include authorization credentials for an admin user.
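The missing validation described above, shown as an added example that is not TRENDnet's firmware code: each of the 'ip', 'mask' and 'gateway' form values is length-bounded and parsed as a dotted-quad IPv4 address before it is copied into a fixed-size buffer. `struct route_req`, `copy_ipv4_field` and `parse_route_form` are hypothetical names, and the sample addresses are constructed.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

#define IPV4_STR_MAX 16 /* "255.255.255.255" plus the terminating NUL */

/* Hypothetical container; the firmware's real structures are not on the page. */
struct route_req {
    char ip[IPV4_STR_MAX], mask[IPV4_STR_MAX], gateway[IPV4_STR_MAX];
};

/* Copy one form value into dst only if it is a bounded, well-formed
 * dotted-quad IPv4 string. Returns 0 on success, -1 on rejection. */
static int copy_ipv4_field(char dst[IPV4_STR_MAX], const char *src)
{
    struct in_addr addr;
    size_t len = 0;

    if (src == NULL)
        return -1;
    while (len < IPV4_STR_MAX && src[len] != '\0') /* bounded length scan */
        len++;
    if (len == 0 || len == IPV4_STR_MAX)           /* empty or too long */
        return -1;
    if (inet_pton(AF_INET, src, &addr) != 1)       /* not a.b.c.d */
        return -1;
    memcpy(dst, src, len + 1);                     /* at most 16 bytes */
    return 0;
}

/* Validate all three parameters; *out is written only if every one passes. */
int parse_route_form(struct route_req *out, const char *ip,
                     const char *mask, const char *gateway)
{
    struct route_req tmp = {{0}, {0}, {0}};
    if (copy_ipv4_field(tmp.ip, ip) || copy_ipv4_field(tmp.mask, mask) ||
        copy_ipv4_field(tmp.gateway, gateway))
        return -1;
    *out = tmp;
    return 0;
}

int main(void)
{
    struct route_req r; /* values below are constructed samples */
    printf("%d\n", parse_route_form(&r, "192.168.10.0", "255.255.255.0", "192.168.10.1"));
    printf("%d\n", parse_route_form(&r, "192.168.10.0000000000000", "255.255.255.0", "192.168.10.1"));
    return 0;
}
```

Rejecting the whole request when any one field fails keeps a partially validated route from being stored.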