Vendor:http://totolink.net/
Firmware:https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/259/ids/36.html
V2.0.0-B20230727.1043
sub_44A51C (handle function of formSysLog) of /bin/boa in firmware has buffer overflow vulnerability.
Parameter "submit_url" is read from HTTP request into $v0 then copied to $a1_1
$a1_1 is used as 2nd parameter in sub_40bddc at 0x44a5a4
arg2 is assigned to $s2, stack variable var_120 is constructed using sprintf. When arg2 has excessive length, this would result an stack buffer overflow.
I'm not able to provide full exploit for this vulnerability due to legal reasons.