D-Link DIR-513 Stack-Based Buffer Overflow Vulnerability in the Easy Setup Wizard
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the D-Link DIR-513 router, specifically in version 1.10. The issue arises within the 'formEasySetupWizard3' function of the '/goform/formEasySetupWizard3' file. The vulnerability is triggered by manipulating the 'wan_connected' parameter, which is processed by the 'boa' web server component. This flaw allows for remote exploitation, potentially leading to unauthorized code execution or a denial-of-service condition.
Impact
Exploitation of this vulnerability allows for stack-based buffer overflow, which can be leveraged to execute arbitrary code or cause a denial-of-service condition on the device.
Reproduction
The vulnerability can be reproduced by sending a POST request to '/goform/formEasySetupWizard3' with a crafted 'wan_connected' parameter. The payload should be designed to overflow the stack buffer, which can be achieved by including a sufficient amount of data to exceed the buffer's capacity.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.