D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the IPv6_PppoePassword parameter in the SetIPv6PppoeSettings module.
The vulnerability is in the SetIPv6PppoeSettings module of prog.cgi.
The value of the HTTP request field “IPv6_PppoePassword ” is passed to be the parameter a2 of the decrypt_aes. In decrypt_aes, this value and a stack space v6 are passed to sub_4270F4.
In sub_4270F4, there is a loop copying above a2 to the space of above v6. The lack of copying length limitation can lead to a buffer overflow.
