D-Link DWR-M960 Stack-Based Buffer Overflow Vulnerability in Advanced Firewall Configuration Endpoint
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the D-Link DWR-M960 router, specifically in the Advanced Firewall configuration endpoint '/boafrm/formFirewallAdv' on firmware version 1.01.07. The vulnerability arises in the function 'sub_425FF8', where the 'submit-url' parameter is processed without proper length validation. Because the length is not checked, a remote attacker can send an oversized 'submit-url' value that corrupts memory, which could overwrite critical data and potentially lead to arbitrary code execution with elevated privileges.
Impact
Exploitation of this vulnerability can cause a denial-of-service condition by crashing the web server or rebooting the device. Additionally, it could allow for arbitrary code execution by overwriting function pointers or control structures in memory, hijacking the execution flow to run malicious code with root privileges.
Reproduction
The vulnerability can be reproduced by sending a POST request to '/boafrm/formFirewallAdv' with the 'save_apply' parameter and an oversized 'submit-url' parameter. This can be done using a tool like Burp Suite to intercept and modify the request.
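For defenders, the request shape described above can be checked for in proxied or captured HTTP traffic. The following is an added example, not code from the advisory or from D-Link: it flags POSTs to the endpoint whose decoded 'submit-url' exceeds a limit. The 256-byte limit, the function names and the sample requests are assumptions, since the advisory does not state the buffer size.

```python
from urllib.parse import parse_qs

ENDPOINT = "/boafrm/formFirewallAdv"  # endpoint named in the advisory
PARAM = "submit-url"                  # parameter named in the advisory
MAX_LEN = 256  # assumption: the advisory does not state the buffer size


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, path, body), or None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3:
        return None
    method, target, _version = parts
    return method.upper(), target.split("?", 1)[0], body


def check_request(raw: bytes, max_len: int = MAX_LEN):
    """Return a finding dict for an oversized submit-url, else None."""
    parsed = parse_request(raw)
    if parsed is None:
        return None
    method, path, body = parsed
    if method != "POST" or path != ENDPOINT:
        return None
    # latin-1 maps one byte to one character, so len() below is the
    # percent-decoded byte length; repeated parameters are all checked.
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True,
                      encoding="latin-1")
    longest = max((len(v) for v in fields.get(PARAM, [])), default=0)
    if longest > max_len:
        return {"path": path, "param": PARAM, "length": longest}
    return None


def build_request(body: str) -> bytes:
    """Constructed sample request; header values are placeholders."""
    return (f"POST {ENDPOINT} HTTP/1.1\r\nHost: router.example\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")


if __name__ == "__main__":
    samples = {  # constructed bodies, not captured traffic
        "normal": "save_apply=1&submit-url=%2Fpage.htm",
        "oversized": "save_apply=1&submit-url=" + "%41" * 600,
    }
    for name, body in samples.items():
        print(name, check_request(build_request(body)))
```

The length is measured after percent-decoding, so a value padded with encoded bytes is judged by the size the handler would receive rather than by its size on the wire.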
