| Title | D-Link DIR-823X 240126、240802 NULL Pointer Dereference |
|---|
| Description | This vulnerability exists in the set_wifi_blacklists function of the DIR-823X router.
The vulnerability is triggered by sending a specially crafted POST request (for example, containing macList="jX%n") which causes memory access anomalies when the server parses these malicious parameters. Specifically, during processing, the code attempts to dereference an invalid memory address, causing the program to crash. This vulnerability is related to the passing of the macList parameter and the execution of the strlen function. The input data is not sufficiently validated and processed, allowing attackers to exploit this vulnerability. |
|---|
| Source | ⚠️ https://tasty-foxtrot-3a8.notion.site/D-link-DIR-823X-set_wifi_blacklists-Vulnerability-1870448e619580e5bf09cf628692f7a9?pvs=73 |
|---|
| User | hand_king (UID 77354) |
|---|
| Submission | 01/26/2025 07:03 AM (5 months ago) |
|---|
| Moderation | 02/07/2025 10:37 AM (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 294933 [D-Link DIR-823X 240126/240802 HTTP POST Request set_wifi_blacklists macList null pointer dereference] |
|---|
| Points | 17 |
|---|