| Titel | D-Link DIR-825 Rev.B 2.10 Stack-based Buffer Overflow |
|---|
| Beschreibung | A stack-based buffer overflow vulnerability exists in the httpd web server of D-Link DIR-825 routers with firmware version Rev.B 2.10. A remote, unauthenticated attacker can exploit this to cause a denial of service.
The vulnerability is triggered when an attacker sends a request to the switch_language.cgi endpoint with an overly long string in the language parameter. This string is saved to the device's NVRAM. When a page that uses this language setting (like login.asp) is subsequently loaded, the server reads the malicious string from NVRAM and copies it into a small stack buffer without proper size validation, leading to an overflow and crashing the server. |
|---|
| Quelle | ⚠️ https://github.com/i-Corner/cve/issues/2 |
|---|
| Benutzer | iC0rner (UID 82839) |
|---|
| Einreichung | 02.07.2025 02:29 (vor 12 Monaten) |
|---|
| Moderieren | 07.07.2025 14:11 (5 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 315155 [D-Link DIR-825 2.10 httpd switch_language.cgi sub_410DDC Sprache Pufferüberlauf] |
|---|
| Punkte | 20 |
|---|