| Titre | D-Link DIR-513 1.10 Buffer Overflow |
|---|
| Description | A classic stack-based buffer overflow vulnerability exists in the Web interface of the D-Link DIR-513 router when processing the formEasySetupWWConfig endpoint. The vulnerability originates from the formEasySetupWWConfig function (at memory address 0x44887c), which fails to perform rigorous boundary checks on user-supplied input.
Specifically, the program retrieves the value of the curTime parameter from an HTTP POST request using the websGetVar function. This parameter is then directly passed to the unsafe sprintf function to construct a string for redirection or information display, which is stored in a local stack buffer v97 with a fixed size of only 200 bytes.
Because there is no validation of the length of curTime, an attacker can craft a malicious, overlong string (exceeding 516 bytes to reach the return address location). When this string is written into the stack memory, it overflows the pre-allocated buffer and overwrites the function's return address. This allows an attacker to hijack the program's control flow, leading to a device crash (Denial of Service) or the execution of arbitrary remote code with elevated privileges on the device. |
|---|
| La source | ⚠️ https://github.com/InfiniteLin/Lin-s-CVEdb/tree/main/DIR-513/formEasySetupWWConfig |
|---|
| Utilisateur | AttackingLin (UID 88138) |
|---|
| Soumission | 06/03/2026 04:20 (il y a 1 mois) |
|---|
| Modérer | 20/03/2026 09:27 (14 days later) |
|---|
| Statut | Dupliqué |
|---|
| Entrée VulDB | 348873 [D-Link DIR-513 1.10 formEasySetupWWConfig curtime buffer overflow] |
|---|
| Points | 0 |
|---|