Описание
An issue was discovered in D-Link DIR-806 devices. There is a stack-based buffer overflow in function hnap_main at /htdocs/cgibin. The function will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users. And it finally leads to a stack-based buffer overflow via a special HTTP header.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:dlink:dir-806_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-806:-:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00583
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-787
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
hnap_main in /htdocs/cgibin on D-link DIR-806 v1.0 devices has a stack-based buffer overflow via a long HTTP header that has "SOAPAction: http://purenetworks.com/HNAP1/GetDeviceSettings/" at the beginning.
EPSS
Процентиль: 68%
0.00583
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-787