D-Link DIR-513 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in the D-Link DIR-513 router, specifically in version 1.10. The issue arises in the 'formEasySetTimezone' function within the '/goform/formEasySetTimezone' file, part of the 'boa' component. The vulnerability allows for remote exploitation by manipulating the 'curTime' parameter, leading to potential denial-of-service conditions or arbitrary code execution.

Impact

Exploitation of this vulnerability allows for stack-based buffer overflow, which could be used to execute arbitrary code or cause a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/formEasySetTimezone' endpoint. The request must include a 'curTime' parameter that is excessively long, exceeding the buffer's capacity. This can be done using a tool like 'curl' or through a web application that allows for custom HTTP requests.