| タイトル | D-Link DIR-823X 240126、240802 NULL Pointer Dereference |
|---|
| 説明 | This vulnerability exists in the set_wifi_blacklists function of the DIR-823X router.
The vulnerability is triggered by sending a specially crafted POST request (for example, containing macList="jX%n") which causes memory access anomalies when the server parses these malicious parameters. Specifically, during processing, the code attempts to dereference an invalid memory address, causing the program to crash. This vulnerability is related to the passing of the macList parameter and the execution of the strlen function. The input data is not sufficiently validated and processed, allowing attackers to exploit this vulnerability. |
|---|
| ソース | ⚠️ https://tasty-foxtrot-3a8.notion.site/D-link-DIR-823X-set_wifi_blacklists-Vulnerability-1870448e619580e5bf09cf628692f7a9?pvs=73 |
|---|
| ユーザー | hand_king (UID 77354) |
|---|
| 送信 | 2025年01月26日 07:03 (1 年 ago) |
|---|
| モデレーション | 2025年02月07日 10:37 (12 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 294933 [D-Link DIR-823X 240126/240802 HTTP POST Request set_wifi_blacklists macList サービス拒否] |
|---|
| ポイント | 17 |
|---|