TOTOLINK A3002RU Stack-Based Buffer Overflow Vulnerability in the boa Service via the formDnsv6 Function

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the TOTOLINK A3002RU router, specifically in version V2.1.1-B20211108.1455. The issue arises in the boa web server interface, where user input is not properly validated. This vulnerability can be exploited by authenticated attackers who send specially crafted requests, potentially leading to pointer manipulation or arbitrary code execution.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can be used to manipulate the execution flow of the program, possibly leading to arbitrary code execution.

Reproduction

To reproduce this vulnerability, send a request to the router's boa service interface that is handled by the 'formDnsv6' function and includes the 'routernamer' parameter. When the 'submit' parameter is set to 'Save', the router copies the 'routernamer' input directly using 'strcpy', without proper input validation. This oversight creates a stack-based buffer overflow by allowing excessive data to overwrite the stack.
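The C sketch below is an added example, not TOTOLINK firmware code: it places the unbounded 'strcpy' pattern described above next to a handler that checks the length before copying. The struct form_req type, the function names, the 64-byte buffer size and the character allowlist are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ROUTER_NAME_BUF 64 /* assumed size; the firmware's real value is not on the page */

/* Hypothetical stand-in for the parsed form fields of one request. */
struct form_req { const char *submit; const char *routernamer; };

/* Pattern the advisory describes: unbounded strcpy into a stack buffer.
 * Shown for comparison only; never call it with untrusted input. */
void dnsv6_save_unsafe(const struct form_req *r)
{
    char name[ROUTER_NAME_BUF];
    if (strcmp(r->submit, "Save") == 0)
        strcpy(name, r->routernamer); /* overruns name[] at 64 characters or more */
}

/* Hardened form: returns 0 and fills dst on success, -1 if the request is rejected. */
int dnsv6_save_checked(const struct form_req *r, char *dst, size_t dstlen)
{
    if (!r || !r->submit || !r->routernamer || !dst || dstlen == 0)
        return -1;
    if (strcmp(r->submit, "Save") != 0)
        return -1;
    /* Bounded search for the terminator: never scans more than dstlen bytes. */
    const char *end = memchr(r->routernamer, '\0', dstlen);
    if (end == NULL || end == r->routernamer)
        return -1; /* too long (or empty): reject instead of truncating */
    size_t n = (size_t)(end - r->routernamer);
    for (size_t i = 0; i < n; i++) { /* allowlist is an example policy */
        unsigned char c = (unsigned char)r->routernamer[i];
        if (!isalnum(c) && c != '-' && c != '_')
            return -1;
    }
    memcpy(dst, r->routernamer, n + 1); /* n + 1 <= dstlen, includes the NUL */
    return 0;
}

int main(void)
{
    char name[ROUTER_NAME_BUF], big[300]; /* constructed inputs */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    struct form_req ok = { "Save", "home-router" }, bad = { "Save", big };
    printf("valid: %d\n", dnsv6_save_checked(&ok, name, sizeof name));
    printf("oversized: %d\n", dnsv6_save_checked(&bad, name, sizeof name));
    return 0;
}
```

Rejecting an over-long value outright, rather than truncating it, keeps the stored name identical to what was submitted and gives the caller a clear error to log.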

Added: Feb 17, 2026, 7:42 PM
Updated: Feb 17, 2026, 7:42 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 7.5
exploitability: 4.3
remediation: 0.0
relevance: 3.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.