Edimax EW-7438RPn
- 1.31
A stack-based buffer overflow vulnerability has been identified in the Edimax EW-7438RPn range extender, specifically in version 1.31. The issue arises in the 'formWlSiteSurvey' function within the 'webs' component, where the 'selSSID' and 'submit-url' parameters are not properly validated. Because the input is not checked, remote attackers can send overly long data, causing a buffer overflow that can be exploited to execute arbitrary code. The vulnerability has been publicly disclosed and is reportedly exploitable.
Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for arbitrary code execution on the affected device.
To reproduce this vulnerability, send a POST request to '/goform/formWlSiteSurvey' with the 'submit-url' parameter containing a payload of excessive length. The router will crash, demonstrating the buffer overflow. This can be done using a tool like Burp Suite or by crafting a manual HTTP request that includes the oversized 'submit-url' parameter.
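The missing validation described above can be expressed as a check that runs before either parameter is copied into a fixed-size buffer. This is an added example, not code from the Edimax firmware or from the original page; the function names, the 128-byte 'submit-url' limit and the sample request bodies are assumptions (32 bytes is the 802.11 SSID maximum).

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed limits, not taken from the firmware: 32 bytes is the 802.11
 * SSID maximum; 128 bytes for submit-url is a hypothetical policy value. */
#define MAX_SSID_LEN       32
#define MAX_SUBMIT_URL_LEN 128

/* Decoded length of a urlencoded value; -1 on a malformed %XX escape. */
static long decoded_len(const char *s, size_t n)
{
    long len = 0;
    for (size_t i = 0; i < n; i++, len++) {
        if (s[i] != '%')
            continue;                      /* '+' and literals count as 1 */
        if (i + 2 >= n || !isxdigit((unsigned char)s[i + 1]) ||
            !isxdigit((unsigned char)s[i + 2]))
            return -1;
        i += 2;                            /* %XX decodes to one byte */
    }
    return len;
}

/* Hypothetical pre-copy check for a formWlSiteSurvey POST body.
 * Returns 0 if acceptable, -1 if selSSID or submit-url is too long,
 * malformed, or a key is percent-encoded (rejected, fail closed). */
int check_site_survey_form(const char *body)
{
    const char *p = body;
    while (*p) {
        size_t pair = strcspn(p, "&");
        const char *eq = memchr(p, '=', pair);
        if (eq) {
            size_t klen = (size_t)(eq - p), vlen = pair - klen - 1;
            long limit = -1;
            if (memchr(p, '%', klen))
                return -1;
            if (klen == 7 && memcmp(p, "selSSID", 7) == 0)
                limit = MAX_SSID_LEN;
            else if (klen == 10 && memcmp(p, "submit-url", 10) == 0)
                limit = MAX_SUBMIT_URL_LEN;
            if (limit >= 0) {
                long d = decoded_len(eq + 1, vlen);
                if (d < 0 || d > limit)
                    return -1;
            }
        }
        p += pair;
        if (*p == '&')
            p++;
    }
    return 0;
}
```

The same length test can be applied to captured request bodies to flag oversized 'selSSID' or 'submit-url' values sent to '/goform/formWlSiteSurvey'.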