TRENDnet TEW-432BRP Stack-Based Buffer Overflow Vulnerability in Password Management Function
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue arises in the 'formSetPassword' function within the 'boa' binary, where the 'webpage' parameter is copied to a local variable on the stack without its length being validated. Oversized input can therefore overwrite the saved return address, potentially leading to arbitrary code execution. The vulnerability can be exploited remotely, causing the router to crash and disrupt its normal service.
Impact
Exploitation of this vulnerability causes the router to crash, leading to a denial of service where the device fails to function correctly or provide services.
Reproduction
The vulnerability can be reproduced by sending a POST request to '/goform/formSetPassword' with the 'webpage' parameter filled with a long string. The excessive input overflows the stack buffer and causes the router to crash, disrupting normal operations.
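The unchecked copy described above next to a bounds-checked alternative, as an added example that is not the firmware's code or part of the original advisory. The function names, the 64-byte buffer size and the sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define WEBPAGE_MAX 64   /* assumed size; the firmware's real buffer size is not given */

/* Pattern the advisory describes (hypothetical reconstruction, never called here):
 * the request parameter is copied to a stack buffer with no length check. */
void set_password_unchecked(const char *webpage)
{
    char target[WEBPAGE_MAX];
    strcpy(target, webpage);              /* writes past target[] when input is long */
    (void)target;
}

/* Length of s, scanning at most max bytes (portable stand-in for strnlen). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Hardened form: measure first, reject oversize input, then copy.
 * Returns 0 on success, -1 if the value is missing or does not fit. */
int set_password_checked(const char *webpage, char *target, size_t target_len)
{
    size_t n;
    if (webpage == NULL || target == NULL || target_len == 0)
        return -1;
    n = bounded_len(webpage, target_len);
    if (n == target_len)                  /* no room for the terminator: reject */
        return -1;
    memcpy(target, webpage, n + 1);       /* n + 1 <= target_len, includes '\0' */
    return 0;
}

/* Constructed input: 4 * WEBPAGE_MAX filler bytes standing in for the long string. */
int oversize_is_rejected(void)
{
    char target[WEBPAGE_MAX];
    char longval[4 * WEBPAGE_MAX + 1];
    memset(longval, 'A', sizeof longval - 1);
    longval[sizeof longval - 1] = '\0';
    return set_password_checked(longval, target, sizeof target) == -1;
}
```

Rejecting the request is preferable to silently truncating the value, since a truncated redirect target would still be acted on by the handler.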
Added: May 31, 2026, 3:18 AM
Updated: May 31, 2026, 3:18 AM
