D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetWanSettings module.
The vulnerability is in the SetWanSettings module of prog.cgi.
When PPPoE is being set, the value of the HTTP request field “Password” is passed as parameter a2 of decrypt_aes.
The situation is similar when setting PPTP and L2TP in the SetWanSettings module.
In decrypt_aes, this value and a stack buffer v6 are passed to sub_4270F4.
In sub_4270F4, a loop copies a2 into v6. Because the copy has no length limit, it can lead to a buffer overflow.
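
The copy pattern described above, next to a bounded form that rejects oversized input, as an added example that is not code from the firmware or from the original advisory. The function names copy_unbounded, copy_bounded and handle_password_field are hypothetical, and the 64-byte buffer size is an assumption, since the advisory does not state the size of v6.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_BUF_SIZE 64  /* assumed; the advisory does not give the size of v6 */

/* Pattern described in the advisory: copy until the terminator with no
 * check against the destination size. Shown for contrast only. */
void copy_unbounded(char *dst, const char *src)
{
    while (*src != '\0')
        *dst++ = *src++;
    *dst = '\0';
}

/* Bounded form: the caller passes the destination capacity, and input
 * that does not fit is rejected rather than silently truncated. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t i;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    for (i = 0; src[i] != '\0'; i++) {
        if (i + 1 >= dst_size) {   /* keep one byte for the terminator */
            dst[0] = '\0';
            return -1;
        }
        dst[i] = src[i];
    }
    dst[i] = '\0';
    return (int)i;                 /* number of bytes copied */
}

/* Hypothetical stand-in for the handler path: request field value
 * copied into a fixed-size stack buffer before further processing. */
int handle_password_field(const char *field_value)
{
    char buf[FIELD_BUF_SIZE];
    int n = copy_bounded(buf, sizeof(buf), field_value);

    if (n < 0)
        return -1;                 /* reject the request */
    /* processing of buf would follow here */
    return n;
}
```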