| عنوان | D-Link DWR-M920 1.1.50 Command Injection and Stack Buffer Overflow |
|---|
| الوصف | The /boafrm/formIMEISetup handler in the boa web server contains five independent OS command injection vulnerabilities and one stack buffer overflow, all reachable through the IMEI_value POST parameter. The parameter is read from the HTTP request and passed directly into sprintf() with an AT command format string, then executed via system() — without any sanitization, filtering, or length validation.
Each injection path is gated by a MIB module/lookup ID pair (sub_412DA0), which identifies the installed modem module (Quectel, Fibocom, Gosuncn, etc.). On a device with a supported modem, the matching path activates and the attacker-supplied IMEI_value flows into the shell. |
|---|
| المصدر | ⚠️ https://github.com/7u7777/Dlink/blob/DWR-M920/formIMEISetup.md |
|---|
| المستخدم | kkff33 (UID 62638) |
|---|
| ارسال | 18/05/2026 06:45 PM (20 أيام منذ) |
|---|
| الاعتدال | 05/06/2026 10:19 AM (18 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 368882 [D-Link DWR-M920 حتى 1.1.50 /boafrm/formIMEISetup sub_412DA0 IMEI_value تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|