| عنوان | DLink dhp-1320 A1 v1.00WWB04 Stack-based Buffer Overflow |
|---|
| الوصف | The device's httpd service contains a stack-based buffer overflow vulnerability in its handling of SOAP-type CGI requests. When processing requests with the SOAPACTION: HNAP1 header, the function redirect_count_down_page() is invoked. This function utilizes unbounded string manipulation functions such as sprintf and strcpy to concatenate externally controlled input—including NVRAM configuration values and unsanitized data from SOAP requests—into a fixed-length stack buffer (e.g., char v83[1024], as identified through IDA Pro decompilation). Critically, no length validation or bounds checking is performed on the input data throughout this process. An attacker can trigger this vulnerability by crafting a malicious SOAP HTTP request featuring: (i) a valid SOAPACTION: HNAP1 header, (ii) a negative Content-Length header value, and (iii) an oversized payload of controlled data of sufficient length. Upon sending this request to the device's httpd service, a stack buffer overflow occurs, corrupting subsequent stack memory regions including the function's return address and resulting in immediate process crash. |
|---|
| المصدر | ⚠️ https://github.com/xiaobor123/vul-finds/tree/main/vul-find-dhp1320-dlink |
|---|
| المستخدم | xiaobor123 (UID 76914) |
|---|
| ارسال | 06/03/2026 01:18 PM (2 أشهر منذ) |
|---|
| الاعتدال | 21/03/2026 08:42 AM (15 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 352317 [D-Link DHP-1320 1.00WWB04 SOAP redirect_count_down_page تلف الذاكرة] |
|---|
| النقاط | 20 |
|---|