Edimax EW-7438RPn
- <= 1.31
A buffer overflow vulnerability has been identified in the Edimax EW-7438RPn range extender, affecting versions prior to 1.31. The issue arises in the 'formWirelessTbl' function within the 'webs' component, where the 'submit-url' parameter is not properly validated before being copied to a local variable on the stack. This oversight allows remote attackers to manipulate the 'submit-url' argument, leading to a stack overflow that can potentially be exploited to execute arbitrary code. The vulnerability has been publicly disclosed and is available for exploitation.
Exploitation of this vulnerability causes the device to crash, disrupting its normal functioning and service availability.
The vulnerability can be reproduced by sending a POST request to '/goform/formWirelessTbl' with a 'submit-url' parameter that contains a payload designed to overflow the stack. The request should include the necessary headers, such as 'Authorization' for basic admin access. Once the router processes the request, it will crash and fail to provide services correctly, leading to a persistent disruption.
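The root cause described above, an unchecked copy of 'submit-url' into a stack buffer, is shown here next to a bounded, validating replacement. This is an added example, not code from the Edimax firmware: the function names, the 64-byte buffer size, the local-path rule and the sample values are all assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size: the firmware's real buffer size is not given in the advisory. */
#define SUBMIT_URL_MAX 64

/* Unsafe pattern (illustrative): the request value is copied into a
 * fixed-size stack buffer with no length check. Never called below. */
void handle_form_unsafe(const char *submit_url) {
    char url[SUBMIT_URL_MAX];
    strcpy(url, submit_url);   /* writes past url[] when input >= SUBMIT_URL_MAX */
    printf("redirect to %s\n", url);
}

/* Hardened copy: returns 0 and fills dst, or -1 (dst left empty) on rejection. */
int copy_submit_url(char *dst, size_t dst_size, const char *src) {
    size_t len = 0;
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL || src[0] != '/')           /* assumed rule: local paths only */
        return -1;
    while (len < dst_size && src[len] != '\0') { /* never scans past dst_size */
        unsigned char c = (unsigned char)src[len];
        if (c < 0x21 || c > 0x7e)               /* control, space, non-ASCII */
            return -1;
        len++;
    }
    if (len >= dst_size)                        /* no room for the terminator */
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* Handler sketch: returns the HTTP status it would send. */
int handle_form_safe(const char *submit_url) {
    char url[SUBMIT_URL_MAX];
    if (copy_submit_url(url, sizeof url, submit_url) != 0)
        return 400;                             /* reject instead of overflowing */
    return 302;                                 /* redirect to validated path */
}

int main(void) {
    char big[200];                              /* constructed oversized value */
    memset(big, 'A', sizeof big - 1);
    big[0] = '/';
    big[sizeof big - 1] = '\0';
    printf("normal:   %d\n", handle_form_safe("/index.asp")); /* constructed */
    printf("oversize: %d\n", handle_form_safe(big));
    return 0;
}
```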