| Título | DLink dhp-1320 A1 v1.00WWB04 Stack-based Buffer Overflow |
|---|
| Descripción | The device's httpd service contains a stack-based buffer overflow vulnerability in its handling of SOAP-type CGI requests. When processing requests with the SOAPACTION: HNAP1 header, the function redirect_count_down_page() is invoked. This function utilizes unbounded string manipulation functions such as sprintf and strcpy to concatenate externally controlled input—including NVRAM configuration values and unsanitized data from SOAP requests—into a fixed-length stack buffer (e.g., char v83[1024], as identified through IDA Pro decompilation). Critically, no length validation or bounds checking is performed on the input data throughout this process. An attacker can trigger this vulnerability by crafting a malicious SOAP HTTP request featuring: (i) a valid SOAPACTION: HNAP1 header, (ii) a negative Content-Length header value, and (iii) an oversized payload of controlled data of sufficient length. Upon sending this request to the device's httpd service, a stack buffer overflow occurs, corrupting subsequent stack memory regions including the function's return address and resulting in immediate process crash. |
|---|
| Fuente | ⚠️ https://github.com/xiaobor123/vul-finds/tree/main/vul-find-dhp1320-dlink |
|---|
| Usuario | xiaobor123 (UID 76914) |
|---|
| Sumisión | 2026-03-06 13:18 (hace 2 meses) |
|---|
| Moderación | 2026-03-21 08:42 (15 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 352317 [D-Link DHP-1320 1.00WWB04 SOAP redirect_count_down_page desbordamiento de búfer] |
|---|
| Puntos | 20 |
|---|