| Titolo | D-Link DIR-825 Rev.B 2.10 Stack-based Buffer Overflow |
|---|
| Descrizione | A stack-based buffer overflow vulnerability exists in the httpd web server of D-Link DIR-825 routers with firmware version Rev.B 2.10. A remote, unauthenticated attacker can exploit this to cause a denial of service.
The vulnerability is triggered when an attacker sends a request to the switch_language.cgi endpoint with an overly long string in the language parameter. This string is saved to the device's NVRAM. When a page that uses this language setting (like login.asp) is subsequently loaded, the server reads the malicious string from NVRAM and copies it into a small stack buffer without proper size validation, leading to an overflow and crashing the server. |
|---|
| Fonte | ⚠️ https://github.com/i-Corner/cve/issues/2 |
|---|
| Utente | iC0rner (UID 82839) |
|---|
| Sottomissione | 02/07/2025 02:29 (12 mesi fa) |
|---|
| Moderazione | 07/07/2025 14:11 (5 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 315155 [D-Link DIR-825 2.10 httpd switch_language.cgi sub_410DDC Lingua buffer overflow] |
|---|
| Punti | 20 |
|---|