Edimax EW-7438RPn
- 1.31
A stack-based buffer overflow vulnerability has been identified in version 1.31 of the Edimax EW-7438RPn range extender. The flaw is in the 'formHwSet' function of the 'webs' binary, which does not properly validate several parameters before processing them: 'Anntena', 'Mcs', 'regDomain', 'nic0Addr', 'nic1Addr', 'wlanAddr', 'wanAddr', 'wlanSSID', 'wlanChan', 'initgain', 'txcck', 'txofdm', and 'submit-url'. Because the input is not validated, a remote attacker can manipulate these parameters to trigger a buffer overflow that overwrites the function's return address and potentially executes arbitrary code. Exploitation of this vulnerability causes the device to crash and disrupts its normal functioning.
Exploitation leads to a stack-based buffer overflow, which allows arbitrary code execution on the affected device. In the case of this vulnerability, however, exploitation causes the device to crash and disrupts its normal operation.
The vulnerability can be reproduced by sending a POST request to '/goform/formHwSet' with overly long data in the 'Anntena' parameter. This unvalidated input causes a stack-based buffer overflow, crashing the router and disrupting its services.
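The root cause described above is a missing length check on the 'formHwSet' parameters. The following is an added example, not Edimax's code and not part of the original advisory, showing that check in two places: a pre-filter over the url-encoded POST body and a bounded copy for use inside the handler. The names `hwset_body_ok`, `copy_param` and `MAX_VALUE_LEN` are hypothetical, and the 64-byte limit is an assumption because the page does not give the real buffer sizes.

```c
#include <string.h>

/* Parameter names listed in the advisory for formHwSet. */
static const char *const HWSET_PARAMS[] = {
    "Anntena", "Mcs", "regDomain", "nic0Addr", "nic1Addr", "wlanAddr", "wanAddr",
    "wlanSSID", "wlanChan", "initgain", "txcck", "txofdm", "submit-url",
};
#define N_PARAMS (sizeof HWSET_PARAMS / sizeof HWSET_PARAMS[0])
#define MAX_VALUE_LEN 64 /* assumed limit; the advisory gives no buffer sizes */

static int is_hwset_param(const char *name, size_t len) {
    for (size_t i = 0; i < N_PARAMS; i++)
        if (strlen(HWSET_PARAMS[i]) == len && memcmp(HWSET_PARAMS[i], name, len) == 0)
            return 1;
    return 0;
}

/* Length after url-decoding: a complete "%XX" escape counts as one byte. */
static size_t decoded_len(const char *v, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++, n++)
        if (v[i] == '%' && i + 2 < len) i += 2;
    return n;
}

/* Returns 0 if every listed parameter fits, -1 if any decoded value is too long. */
int hwset_body_ok(const char *body) {
    for (const char *p = body; *p; ) {
        size_t pair_len = strcspn(p, "&");          /* one name=value pair */
        const char *eq = memchr(p, '=', pair_len);
        if (eq) {
            size_t name_len = (size_t)(eq - p);
            if (is_hwset_param(p, name_len) &&
                decoded_len(eq + 1, pair_len - name_len - 1) > MAX_VALUE_LEN)
                return -1;
        }
        p += pair_len;
        if (*p == '&') p++;
    }
    return 0;
}

/* Bounded copy for the handler itself: rejects oversized input instead of truncating. */
int copy_param(char *dst, size_t dst_size, const char *src) {
    size_t n = strlen(src);
    if (n >= dst_size) return -1;
    memcpy(dst, src, n + 1);
    return 0;
}
```

Rejecting the request outright, rather than truncating the value, keeps an oversized parameter from reaching any later copy in the handler.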