TOTOLINK A3002RU Stack-Based Buffer Overflow Vulnerability in the boa Service

A stack-based buffer overflow vulnerability has been identified in the TOTOLINK A3002RU router, specifically in versions through V2.1.1-B20211108.1455. The issue arises in the boa service interface, where user input is not properly validated. Authenticated attackers can exploit this vulnerability by sending crafted requests that include oversized data in the 'vpnUser' or 'vpnPassword' parameters. This exploitation can lead to pointer manipulation or potentially allow arbitrary code execution.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can be used to manipulate the execution flow of the program, potentially leading to arbitrary code execution.

Reproduction

To reproduce this vulnerability, send a request to the router's boa service interface with the 'vpnUser' or 'vpnPassword' parameters. Include a payload that exceeds the buffer size, which will trigger the stack-based buffer overflow. This can be done using a variety of tools that allow for crafting HTTP requests, such as Burp Suite or custom scripts.