| Titolo | D-Link DAP-1620 1.03 Buffer Overflow |
|---|
| Descrizione | A critical vulnerability has been found in the D-Link DAP-1620 router with firmware version 1.03, affecting the `check_dws_cookie` function. This vulnerability occurs when processing HTTP requests with paths starting with "/storage", leading to a stack-based buffer overflow. The issue is made worse when `check_dws_cookie` calls the `mod_graph_auth_uri_handler` function, which uses an unsafe method to format the request address. If the request address is too long, it can cause a stack overflow. This allows an attacker to overwrite memory, potentially leading to device crashes, denial-of-service (DoS) conditions, or remote code execution, thereby compromising the router's security and the connected network. |
|---|
| Fonte | ⚠️ https://witty-maiasaura-083.notion.site/D-link-DAP-1620-mod_graph_auth_uri_handler-Vulnerability-1afb2f2a6361809ea7f2dc4df3b85f1f |
|---|
| Utente | Anonymous User |
|---|
| Sottomissione | 12/03/2025 04:56 (1 Anno fa) |
|---|
| Moderazione | 21/03/2025 21:28 (10 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 300622 [D-Link DAP-1620 1.03 Authentication /storage mod_graph_auth_uri_handler buffer overflow] |
|---|
| Punti | 17 |
|---|