TOTOlink A3600R Buffer Overflow Vulnerability in setAppEasyWizardConfig Interface Allowing Arbitrary Code Execution or Denial-of-Service

A buffer overflow vulnerability has been identified in the TOTOlink A3600R router, specifically in firmware version V5.9c.4959. The issue arises in the setAppEasyWizardConfig interface within /lib/cste_modules/app.so. The vulnerability is caused by improper length validation of the rootSsid parameter, which allows remote attackers to exploit the buffer overflow. This exploitation could lead to arbitrary code execution or cause a denial-of-service condition.

Impact

Exploitation of this vulnerability can result in a buffer overflow, with potential consequences of arbitrary code execution or causing the device to crash.

Reproduction

To reproduce this vulnerability, send an HTTP request to the TOTOlink A3600R router's setAppEasyWizardConfig interface. Include a rootSsid parameter with a value that exceeds the buffer's length limit. The lack of proper length validation will trigger the buffer overflow by overwriting adjacent memory on the stack. Under certain conditions, this could allow for control flow hijacking.