BufferOverflow-V4.1.2cu.5182_B20201026

[CVE-ID]

[PRODUCT]

TOTOLINK

[Vendor of Product]

https://www.totolink.net/

[VERSION]

V4.1.2cu.5182_B20201026

[Firmware]

https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/166/ids/36.html

[Vulnerability Type]

BufferOverflow

[Description]

TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the downloadFile.cgi

The v5 parameter's data originates from user-supplied input through v14. In the code implementation, the user-controllable v5 data is copied into v27 without proper input validation or length restrictions, leading to a buffer overflow vulnerability. A practical example can be demonstrated with the payload structure: payload=aaa....aaa/bbb...bbb/ccc...ccc. When the "ccc...ccc" segment exceeds 132 bytes, it will trigger the buffer overflow condition.