Edimax EW-7438RPn
- 1.31
A stack-based buffer overflow vulnerability has been identified in the Edimax EW-7438RPn range extender, specifically in version 1.31. The issue arises in the 'formConnectionSetting' function within the 'webs' binary, where the 'max_Conn' and 'timeOut' parameters are not properly validated. This lack of input sanitization allows remote attackers to manipulate these arguments, leading to a buffer overflow that can be exploited to execute arbitrary code. The vulnerability has been publicly disclosed and could be used in attacks.
Exploitation of this vulnerability causes the device to crash, disrupting its normal functioning and service availability.
The vulnerability can be reproduced by sending a POST request to '/goform/formConnectionSetting' with overly long 'max_Conn' and 'timeOut' parameters. An excessively long 'max_Conn' value, for example, overflows the stack buffer and can overwrite the return address on the stack.
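One way a handler could validate these two fields before using them, shown as an added example that is not Edimax's code and not part of the original advisory. The function names, the digit limit and the numeric ranges are assumptions, since the page does not give the firmware's real limits.

```c
#include <stddef.h>

/* Assumed limits for illustration; the firmware's real ranges are not on the page. */
#define PARAM_MAX_DIGITS 5       /* longest accepted value, e.g. "65535" */
#define MAX_CONN_LIMIT   65535L
#define TIMEOUT_LIMIT    3600L

/* Parse a form value as a decimal integer in [min, max].
 * Length and character class are checked while scanning, so the value is
 * never copied into a fixed-size stack buffer and the scan stops after at
 * most PARAM_MAX_DIGITS + 1 bytes however long the input is.
 * Returns 0 and stores the number in *out on success, -1 on any rejection. */
int parse_bounded_param(const char *value, long min, long max, long *out)
{
    if (value == NULL || out == NULL)
        return -1;

    long n = 0;
    size_t len = 0;
    while (value[len] != '\0') {
        if (len == PARAM_MAX_DIGITS)                 /* over-long input */
            return -1;
        if (value[len] < '0' || value[len] > '9')    /* non-digit input */
            return -1;
        n = n * 10 + (value[len] - '0');  /* max 99999, cannot overflow long */
        len++;
    }
    if (len == 0 || n < min || n > max)
        return -1;

    *out = n;
    return 0;
}

/* Hypothetical core of a formConnectionSetting-style handler: both fields
 * must pass validation, otherwise the whole request is rejected. */
int validate_connection_setting(const char *max_conn, const char *time_out,
                                long *conn_out, long *timeout_out)
{
    if (parse_bounded_param(max_conn, 1, MAX_CONN_LIMIT, conn_out) != 0)
        return -1;
    if (parse_bounded_param(time_out, 1, TIMEOUT_LIMIT, timeout_out) != 0)
        return -1;
    return 0;
}
```

Rejecting the request outright on a failed check, rather than truncating the value, keeps an oversized field from reaching any later copy or formatting call.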