D-Link DI-8100 Web Management Interface Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in the D-Link DI-8100 router, specifically in the web management interface file '/url_member.asp'. This vulnerability arises from the 'name' parameter, which can be manipulated to overflow a fixed-size stack buffer. The issue can be exploited remotely, potentially leading to memory corruption, a process crash, and allowing for remote code execution.

Impact

Exploitation of this vulnerability causes memory corruption and process crashes, with the potential for remote code execution.

Reproduction

To reproduce this vulnerability, log into the router's web interface and navigate to the '/url_member.asp' page. Once there, initiate an 'add' operation by sending a POST request that includes a crafted 'name' parameter. This parameter should contain an excessively long string, which will overflow the stack buffer and trigger the vulnerability.