D-Link DIR-513 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in the D-Link DIR-513 router, specifically in version 1.10. The issue arises in the 'formSetEmail' function within the '/goform/formSetEmail' file, where user-provided input is not properly validated before being processed. This vulnerability can be exploited remotely, potentially leading to unauthorized code execution or a denial-of-service condition.

Impact

Exploitation of this vulnerability allows for stack-based buffer overflow, which can commonly lead to arbitrary code execution or causing the device to crash, disrupting its normal operation.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/goform/formSetEmail' with a crafted 'config.smtp_email_subject' parameter. The payload should be designed to exceed the buffer size, causing a stack-based overflow.