We found a stack buffer overflow vulnerability at **TEW-755AP (**Firmware version TEW755AP-FW113B01.bin).

In the handler function for action setup_wizard_mydlink (sub_4104B8) of the file /www/cgi/ssi, the value of sys_service is passed to function updown_services, then further passed to sub_41795c. In sub_41795c, this value is directly copied to stack buffer v12 without size check.

Similar to other vulnerabilities, an attacker can trigger this vulnerability by sending a very long string in the post data to apply.cgi, and finally can perform Remote Code Execution attack.

Fix Suggestion:

Use strncpy to avoid buffer overflow