D-Link DIR-825M Buffer Overflow Vulnerability in WAN Configuration Endpoint

A buffer overflow vulnerability has been identified in the D-Link DIR-825M router, specifically in firmware version 1.1.12. The issue arises in the '/boafrm/formWanConfigSetup' endpoint, within the 'sub_414BA8' function. The vulnerability allows remote attackers to manipulate the 'submit-url' parameter, leading to stack memory overwriting. This could cause application crashes, memory corruption, and potentially enable arbitrary code execution on the device.

Impact

Exploitation of this vulnerability can cause the router to crash, making the management interface inaccessible. Additionally, it could allow an attacker to execute arbitrary code, potentially taking full control of the device. Such access could be used to monitor network traffic or launch attacks on other devices within the network.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/boafrm/formWanConfigSetup' endpoint with an oversized 'submit-url' parameter. This can be done using a tool like Burp Repeater. The request should include the necessary headers and cookies to mimic a legitimate user session.