D-Link DI-7001 MINI Stack-Based Buffer Overflow Vulnerability Allowing Remote Code Execution

A stack-based buffer overflow vulnerability has been identified in the D-Link DI-7001 MINI router, in firmware versions through 19.09.19A1. The issue arises in the API component, specifically within the 'httpd_debug.asp' file. The vulnerability is triggered by manipulating the 'Time' parameter, which is not properly validated before being processed by the 'sprintf' function. This oversight allows remote attackers to overflow a fixed-size buffer, potentially leading to arbitrary code execution or a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can lead to arbitrary code execution or a denial-of-service condition on the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to the 'httpd_debug.asp' endpoint with an overly long 'time' parameter value. This can be done using a web browser or a tool like curl, by specifying the 'time' parameter in the request body. The crafted payload should be long enough to exceed the buffer size, causing the overflow.