Submit #607311: D-Link DI-500WF DI 500WF-17.04.10A1T Stack-based Buffer Overflowinfo

TitelD-Link DI-500WF DI 500WF-17.04.10A1T Stack-based Buffer Overflow
BeschreibungDuring security analysis of the D-Link DI-500WF firmware, a critical stack buffer overflow was discovered in the ip_position.asp interface. The vulnerability stems from improper handling of the 'ip' parameter in HTTP GET requests. The vulnerable function fails to validate the length of user-supplied input before copying it to a fixed-size stack buffer using sprintf(). This allows attackers to overwrite the return address and potentially control program execution flow.
Quelle⚠️ https://github.com/BigMancer/CVE/issues/1
Benutzer
 BluesCat (UID 87333)
Einreichung01.07.2025 16:09 (vor 10 Monaten)
Moderieren07.07.2025 10:42 (6 days later)
StatusAkzeptiert
VulDB Eintrag315133 [D-Link DI-500WF 17.04.10A1T jhttpd ip_position.asp sprintf ip Pufferüberlauf]
Punkte20

ZurückÜbersichtWeiter

Do you want to use VulDB in your project?

Use the official API to access entries easily!