| タイトル | D-Link DI-8100 1.0 Buffer Overflow |
|---|
| 説明 | A stack-based buffer overflow vulnerability exists in the ddns_asp function of the jhttpd web server, which is commonly used in embedded devices. This vulnerability arises due to improper handling of user-supplied input in the ddns.asp request handler when the opt=add parameter is specified.
Vulnerability Details:
Component Affected: jhttpd web server
Vulnerable Function: ddns_asp (Dynamic DNS configuration handler)
Trigger Condition: Sending a crafted HTTP GET request to /ddns.asp with the opt=add parameter
User Input: Parameters such as mx= are concatenated into a local stack buffer using the unsafe sprintf() function
Lack of Input Validation: No length checks are performed on the input, allowing an attacker to supply overly long values
Impact:
The excessive input can overflow the fixed-size stack buffer, potentially overwriting the return address of the function
This leads to a denial of service (DoS) via segmentation fault
More critically, this vulnerability could be exploited for remote code execution (RCE) if the attacker can precisely control the overwritten return address and inject malicious payload or ROP chain |
|---|
| ソース | ⚠️ https://github.com/buobo/bo-s-CVE/blob/main/DI-8100/wp.md |
|---|
| ユーザー | bazhuayu (UID 86763) |
|---|
| 送信 | 2025年07月18日 20:01 (11 月 ago) |
|---|
| モデレーション | 2025年07月19日 21:06 (1 day later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 317023 [D-Link DI-8100 1.0 jhttpd /ddns.asp?opt=add sprintf mx メモリ破損] |
|---|
| ポイント | 20 |
|---|