Edimax EW-7438RPn Stack-Based Buffer Overflow Vulnerability Allowing Remote Code Execution

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Edimax EW-7438RPn range extender, specifically in version 1.31. The issue arises in the 'formAccept' function of the '/goform/formAccept' file, where the 'submit-url' parameter is not properly validated. This lack of input sanitization allows remote attackers to manipulate the 'submit-url' argument, leading to a buffer overflow by overwriting the return address on the stack. The vulnerability can be exploited remotely, causing the device to crash and disrupt normal services. Furthermore, the public availability of the exploit raises the risk of potential attacks.

Impact

Exploitation of this vulnerability crashes the device, disrupting services and resulting in a persistent denial of functionality.

Reproduction

To reproduce this vulnerability, send a POST request to '/goform/formAccept' with a 'submit-url' parameter that contains a payload designed to overflow the buffer. The input should be crafted to exceed the buffer's capacity, ultimately overwriting the return address on the stack. Once the router processes the request, it will crash and fail to provide services correctly.
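The root cause described above is a request value copied into a fixed-size stack buffer without a length check. The following C sketch is an added example, not Edimax firmware code, showing a bounded copy that rejects an oversized 'submit-url' value instead of writing past the buffer; the function name, return codes, buffer size and the local-path rule are all assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed buffer size; the real size used by formAccept is not given on the page. */
#define SUBMIT_URL_MAX 128

enum { URL_OK = 0, URL_MISSING = -1, URL_TOO_LONG = -2, URL_BAD_CHAR = -3 };

/*
 * Hypothetical helper: copy the 'submit-url' form value into a fixed-size
 * buffer only after validating it. It stands in for an unbounded copy such
 * as strcpy(dst, value), which writes past dst when value is too long.
 */
int copy_submit_url(char *dst, size_t dst_len, const char *value)
{
    size_t n, i;

    if (dst == NULL || dst_len == 0)
        return URL_MISSING;
    dst[0] = '\0';                      /* dst is always a valid string on return */
    if (value == NULL || value[0] == '\0')
        return URL_MISSING;

    /* Measure at most dst_len bytes, so an oversized value is never fully walked. */
    for (n = 0; n < dst_len && value[n] != '\0'; n++)
        ;
    if (n == dst_len)
        return URL_TOO_LONG;            /* reject rather than truncate */

    /* Assumption: the value is a local path made of printable ASCII. */
    if (value[0] != '/')
        return URL_BAD_CHAR;
    for (i = 0; i < n; i++)
        if (value[i] < 0x21 || value[i] > 0x7e)
            return URL_BAD_CHAR;

    memcpy(dst, value, n + 1);          /* n + 1 <= dst_len, terminator included */
    return URL_OK;
}

int main(void)
{
    char url[SUBMIT_URL_MAX];
    char big[512];                      /* constructed oversized input */
    memset(big, 'A', sizeof big - 1); big[0] = '/'; big[sizeof big - 1] = '\0';
    printf("short value: %d\n", copy_submit_url(url, sizeof url, "/index.asp"));
    printf("oversized value: %d\n", copy_submit_url(url, sizeof url, big));
    return 0;
}
```

A handler using this check would return an error response on any non-zero code rather than continuing with a truncated value.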

Added: May 26, 2026, 7:44 PM
Updated: May 26, 2026, 7:44 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.2
remediation: 0.0
relevance: 9.6
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.