Edimax EW-7438RPn
- <= 1.31
A stack overflow vulnerability has been identified in the Edimax EW-7438RPn Wi-Fi extender, affecting versions through 1.31. The issue arises in the 'formWizSurvey' function of the 'webs' component, where user-supplied arguments such as 'ssid', 'manualssid', 'ip', 'mask', and 'gateway' are not properly validated. This lack of input sanitization allows remote attackers to manipulate these fields, leading to a buffer overflow by overwriting the return address on the stack. The vulnerability can be exploited remotely, causing the device to crash and disrupt normal service.
A stack-based buffer overflow of this kind can in principle be used for arbitrary code execution; the effect observed in this case, however, is that the device crashes and becomes unresponsive.
The vulnerability can be reproduced by sending a POST request to '/goform/formWizSurvey' with overly long data in the 'ssid', 'manualssid', 'ip', 'mask', or 'gateway' fields. This can be done using a web browser or a tool like curl, by including the excessive data in the request body. The router will crash, demonstrating the buffer overflow.
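The following is an added example written for this page, not code from Edimax or from the advisory: a request-level check of the kind a WAF rule, reverse-proxy filter or IDS signature would apply in front of the extender until it is patched. It parses a raw HTTP request, and for a POST to '/goform/formWizSurvey' flags any of the five parameters named above whose decoded value exceeds a plausible length. The request samples are constructed, and the length limits are assumptions chosen from the field semantics (an SSID is at most 32 bytes, a dotted-quad IPv4 address at most 15 characters), not values taken from the firmware.

```python
from urllib.parse import parse_qs

# Parameters the advisory names as unchecked in formWizSurvey.
WATCHED_FIELDS = ("ssid", "manualssid", "ip", "mask", "gateway")
# Assumed limits derived from what each field can legitimately hold;
# the firmware's real buffer sizes are not known from the advisory.
MAX_LEN = {"ssid": 32, "manualssid": 32, "ip": 15, "mask": 15, "gateway": 15}
VULNERABLE_PATH = "/goform/formWizSurvey"


def parse_request(raw: str):
    """Split a raw HTTP/1.x request into (method, path, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0]
    method, target, _version = request_line.split(" ", 2)
    path = target.split("?", 1)[0]          # ignore any query string
    return method, path, body


def find_oversized_fields(method: str, path: str, body: str):
    """Return [(field, decoded_length), ...] for watched fields that exceed
    their limit; an empty list means the request is not of concern."""
    if method != "POST" or path != VULNERABLE_PATH:
        return []
    # Length is measured after percent-decoding, since that is what the
    # form handler on the device would copy into its stack buffer.
    params = parse_qs(body, keep_blank_values=True)
    findings = []
    for name in WATCHED_FIELDS:
        for value in params.get(name, []):
            if len(value) > MAX_LEN[name]:
                findings.append((name, len(value)))
    return findings


def inspect(raw: str):
    """Convenience wrapper: raw request text in, findings out."""
    return find_oversized_fields(*parse_request(raw))


# Constructed sample traffic (not captured from a real device).
BENIGN_REQUEST = (
    "POST /goform/formWizSurvey HTTP/1.1\r\n"
    "Host: 192.168.2.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "ssid=HomeNet&manualssid=&ip=192.168.2.1&mask=255.255.255.0&gateway=192.168.2.254"
)

OVERSIZED_REQUEST = (
    "POST /goform/formWizSurvey HTTP/1.1\r\n"
    "Host: 192.168.2.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "ssid=" + "A" * 300 + "&ip=192.168.2.1"
)

if __name__ == "__main__":
    for label, req in (("benign", BENIGN_REQUEST), ("oversized", OVERSIZED_REQUEST)):
        print(label, inspect(req))
```

A non-empty result is the signal to block the request and raise an alert; the same check, applied to the form handler's own inputs on the device, is the shape of the fix the advisory implies, since rejecting over-length values before any copy into a fixed-size stack buffer removes the overflow.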