D-Link DI-8100 Buffer Overflow Vulnerability in File Extension Handler

A stack-based buffer overflow vulnerability has been identified in the D-Link DI-8100 router running firmware version 16.07.26A1. The issue arises in the 'file_exten.asp' CGI script, specifically within the 'file_exten_asp' function. The vulnerability is triggered when the 'name' parameter is manipulated with an excessively long string during file extension configuration operations. This flaw allows authenticated attackers to execute arbitrary code on the device, potentially leading to complete compromise, a denial-of-service condition, or lateral movement within the network.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, allowing for arbitrary code execution on the device. The initial proof-of-concept exploitation crashes the HTTP service, creating a persistent denial-of-service condition until the device is manually rebooted.

Reproduction

The vulnerability can be reproduced by sending an HTTP POST request to the 'file_exten.asp' script with a crafted 'name' parameter that exceeds the stack buffer limit. This can be done using a script that automates the login process and then submits the oversized payload through the vulnerable CGI endpoint.