Totolink A800R Buffer Overflow Vulnerability in setAppEasyWizardConfig Function

A buffer overflow vulnerability has been identified in the Totolink A800R router running firmware version 4.1.2cu.5137_B20200730. The issue arises in the 'setAppEasyWizardConfig' function within the '/lib/cste_modules/app.so' library. The vulnerability is caused by improper validation of the 'apcliSsid' parameter, which allows remote attackers to exploit the buffer overflow. This exploitation could lead to arbitrary code execution or a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can overwrite adjacent memory on the stack. This memory corruption can result in a process crash, causing a denial-of-service condition, or it could be leveraged for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/cgi-bin/cstecgi.cgi' with an excessively long 'apcliSsid' value. This can be done using a web browser or a tool like curl, by specifying the 'apcliSsid' parameter in the request body. The 'Content-Type' should be set to 'application/x-www-form-urlencoded; charset=UTF-8'.