| Field | Value |
|---|---|
| Title | D-Link DIR-600 v2.15WWb02 and possibly earlier versions Stack-based Buffer Overflow |
| Description | A stack-based buffer overflow vulnerability exists in the D-Link DIR-600 router firmware within the CGI binary "hedwig.cgi". The vulnerability is triggered via an overly long HTTP Cookie header, which is insufficiently validated before being copied into a fixed-size stack buffer. An unauthenticated remote attacker can exploit this issue by sending a crafted HTTP POST request containing a malicious Cookie value, leading to stack memory corruption. Successful exploitation allows precise control of saved registers and return addresses, enabling execution of arbitrary code in the context of the embedded web server. The vulnerability can be reliably exploited on MIPS little-endian systems by constructing a return-oriented programming (ROP) chain followed by custom shellcode, resulting in remote code execution with root privileges. |
| Source | https://github.com/LonTan0/CVE/blob/main/Stack-Based%20Buffer%20Overflow%20Vulnerability%20in%20hedwig.cgi%20of%20D-Link%20DIR-600.md |
| User | LonTan0 (UID 84934) |
| Submission | 2025-12-25 10:25 AM (3 months ago) |
| Moderation | 2025-12-28 10:32 AM (3 days later) |
| Status | Accepted |
| VulDB entry | 338581 [D-Link DIR-600 up to 2.15WWb02 HTTP Header hedwig.cgi Cookie memory corruption] |
| Points | 20 |