| 제목 | D-Link DIR-513 v1.0 Buffer Overflow |
|---|
| 설명 | A stack-based buffer overflow vulnerability exists in the function formLanguageChange of the Boa web server, which is used to implement the web-based management interface in the DIR-513 embedded device.
This vulnerability is triggered when a remote attacker sends a specially crafted POST request to the endpoint /goform/formLanguageChange. The vulnerable function retrieves the parameter curTime from the request body and then uses it in a call to sprintf():
sprintf(v12, "%s?t=%s", "/index.asp", v8);
Here, v8 is derived from the input curTime . Since the length of curTime is not properly validated before being used in sprintf, an attacker can supply an excessively long value, leading to a stack buffer overflow. |
|---|
| 원천 | ⚠️ https://github.com/boyslikesports/vul/blob/main/formLanguageChange.md |
|---|
| 사용자 | Weining Xiao (UID 88216) |
|---|
| 제출 | 2025. 07. 22. AM 08:45 (9 개월 ago) |
|---|
| 모더레이션 | 2025. 07. 25. AM 08:52 (3 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 317573 [D-Link DIR-513 1.0 HTTP POST Request formLanguageChange curTime 메모리 손상] |
|---|
| 포인트들 | 20 |
|---|