D-Link DIR-825M
cpe:2.3:o:dlink:dir-825_firmware:*:*:*:*:*:*:*
- 1.1.12
A buffer overflow vulnerability has been identified in the D-Link DIR-825M router, specifically in firmware version 1.1.12. The issue arises in the '/boafrm/formVpnConfigSetup' endpoint, within the 'sub_4151FC' function. The 'submit-url' parameter is not properly validated, so a remote attacker can send an oversized value that overwrites stack memory, potentially leading to application crashes, memory corruption, and arbitrary code execution on the device.
Exploitation of this vulnerability can cause the router to crash, making the management interface inaccessible. It can also be used to execute arbitrary code, giving an attacker full control over the device. From there the attacker could monitor network traffic or use the router as a pivot point to attack other devices on the network.
The vulnerability can be reproduced by sending a POST request to the '/boafrm/formVpnConfigSetup' endpoint with an oversized 'submit-url' parameter. This can be done using a tool like Burp Repeater, without any authentication.
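The missing check described above, as an added C example that is not D-Link's code: a form handler that rejects an oversized 'submit-url' value before copying it into a fixed-size buffer. The names `find_param`, `copy_submit_url` and `SUBMIT_URL_MAX`, and the 128-byte buffer size, are assumptions, since the page does not show the firmware's code.

```c
#include <stdio.h>
#include <string.h>

#define SUBMIT_URL_MAX 128  /* assumed buffer size; the real one is not given on the page */

/* Find "name=value" at a parameter boundary of a urlencoded body.
 * Returns a pointer to the value and stores its length, or NULL if absent. */
static const char *find_param(const char *body, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = body;
    while (*p) {
        const char *end = strchr(p, '&');
        size_t seg = end ? (size_t)(end - p) : strlen(p);
        if (seg > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            *len = seg - nlen - 1;
            return p + nlen + 1;
        }
        if (!end)
            break;
        p = end + 1;
    }
    return NULL;
}

/* Bounded copy of the submit-url value. The bug class on this page is the
 * same copy done without the length check (for example an unbounded strcpy
 * into a stack buffer). Returns 0 on success, -1 if the parameter is
 * missing, -2 if the value does not fit (rejected, never truncated). */
int copy_submit_url(const char *body, char *dst, size_t dst_len)
{
    size_t vlen;
    const char *v = find_param(body, "submit-url", &vlen);
    if (v == NULL)
        return -1;
    if (dst_len == 0 || vlen >= dst_len)
        return -2;
    memcpy(dst, v, vlen);
    dst[vlen] = '\0';
    return 0;
}

int main(void)
{
    char url[SUBMIT_URL_MAX];
    const char *body = "vpnEnabled=1&submit-url=/vpn.htm";  /* constructed sample body */
    int rc = copy_submit_url(body, url, sizeof url);
    printf("rc=%d url=%s\n", rc, rc == 0 ? url : "(rejected)");
    return 0;
}
```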