| Titre | D-Link DIR-825 C1_FW3.00b32 Buffer Overflow |
|---|
| Description | A stack-based buffer overflow exists in the `miniupnpd` implementation used by D-Link DIR-825. The issue is reachable through the LAN-side UPnP SOAP interface during `AddPortMapping` processing.
An attacker on the local network can send a crafted `AddPortMapping` request with an oversized `NewPortMappingDescription` value. When the request updates an existing port mapping, the description is written to a fixed-size stack buffer via `sprintf()` without length validation, leading to memory corruption. |
|---|
| La source | ⚠️ https://tzh00203.notion.site/D-Link-DIR-825-miniupnpd-AddPortMapping-Stack-Overflow-337b5c52018a8028988ecc9daded409e |
|---|
| Utilisateur | tian (UID 93438) |
|---|
| Soumission | 07/04/2026 13:06 (il y a 20 jours) |
|---|
| Modérer | 26/04/2026 09:38 (19 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 359644 [D-Link DIR-825 jusqu’à 3.00b32 miniupnpd upnpsoap.c AddPortMapping NewPortMappingDescription buffer overflow] |
|---|
| Points | 17 |
|---|