| 제목 | DLink dhp-1320 A1 v1.00WWB04 Stack-based Buffer Overflow |
|---|
| 설명 | The device's httpd service contains a stack-based buffer overflow vulnerability in its handling of SOAP-type CGI requests. When processing requests with the SOAPACTION: HNAP1 header, the function redirect_count_down_page() is invoked. This function utilizes unbounded string manipulation functions such as sprintf and strcpy to concatenate externally controlled input—including NVRAM configuration values and unsanitized data from SOAP requests—into a fixed-length stack buffer (e.g., char v83[1024], as identified through IDA Pro decompilation). Critically, no length validation or bounds checking is performed on the input data throughout this process. An attacker can trigger this vulnerability by crafting a malicious SOAP HTTP request featuring: (i) a valid SOAPACTION: HNAP1 header, (ii) a negative Content-Length header value, and (iii) an oversized payload of controlled data of sufficient length. Upon sending this request to the device's httpd service, a stack buffer overflow occurs, corrupting subsequent stack memory regions including the function's return address and resulting in immediate process crash. |
|---|
| 원천 | ⚠️ https://github.com/xiaobor123/vul-finds/tree/main/vul-find-dhp1320-dlink |
|---|
| 사용자 | xiaobor123 (UID 76914) |
|---|
| 제출 | 2026. 03. 06. PM 01:18 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 03. 21. AM 08:42 (15 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 352317 [D-Link DHP-1320 1.00WWB04 SOAP redirect_count_down_page 메모리 손상] |
|---|
| 포인트들 | 20 |
|---|