| शीर्षक | D-Link DIR-513 1.10 Buffer Overflow |
|---|
| विवरण | The DIR-513 device utilizes the boa program to provide web services. During initialization through the websAspInit function, the program establishes a series of callback APIs. A POST request to the /goform/formSetWanPPPoE path triggers the formSetWanPPPoE callback function, which retrieves the curTime parameter from the request body. This parameter is subsequently processed in the sprintf(v12, "%s?t=%s", last_url, Var); statement, where it gets concatenated into a stack variable. Due to the absence of length validation for curTime, an excessively long input can trigger a stack overflow vulnerability, potentially leading to denial of service. With further exploitation, this vulnerability could enable attackers to obtain shell access. |
|---|
| स्रोत | ⚠️ https://github.com/InfiniteLin/Lin-s-CVEdb/blob/main/DIR-513/formSetWanL2TP.md |
|---|
| उपयोगकर्ता | AttackingLin (UID 88138) |
|---|
| सबमिशन | 22/07/2025 04:57 PM (9 महीनों पहले) |
|---|
| संयम | 25/07/2025 09:32 AM (3 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 317582 [D-Link DIR-513 1.10 /goform/formSetWanPPPoE websAspInit curTime बफ़र ओवरफ़्लो] |
|---|
| अंक | 20 |
|---|