D-Link DWR-M960 Stack-Based Buffer Overflow Vulnerability in Operation Mode Configuration Endpoint

A stack-based buffer overflow vulnerability has been identified in the D-Link DWR-M960 router, specifically in the Operation Mode configuration endpoint (/boafrm/formOpMode) on firmware version 1.01.07. The vulnerability arises in the function sub_462590, where the 'submit-url' parameter is processed. The function lacks proper input validation, allowing remote attackers to exploit this flaw by sending oversized 'submit-url' values, leading to memory corruption.

Impact

Exploitation of this vulnerability can cause a denial-of-service condition, where the device becomes unresponsive or crashes. Additionally, it could allow for arbitrary code execution by overwriting critical memory areas, such as function pointers, and hijacking the execution flow to run malicious code with elevated privileges.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/boafrm/formOpMode' endpoint. The request must include a valid 'mode' parameter to pass the initial validation check, along with an oversized 'submit-url' parameter. This can be done using a tool like Burp Suite to intercept and modify the request.