Submeter #798647: D-Link DIR-825 C1_FW3.00b32 Buffer Overflowinformação

TítuloD-Link DIR-825 C1_FW3.00b32 Buffer Overflow
DescriçãoA stack-based buffer overflow exists in the `miniupnpd` implementation used by D-Link DIR-825. The issue is reachable through the LAN-side UPnP SOAP interface during `AddPortMapping` processing. An attacker on the local network can send a crafted `AddPortMapping` request with an oversized `NewPortMappingDescription` value. When the request updates an existing port mapping, the description is written to a fixed-size stack buffer via `sprintf()` without length validation, leading to memory corruption.
Fonte⚠️ https://tzh00203.notion.site/D-Link-DIR-825-miniupnpd-AddPortMapping-Stack-Overflow-337b5c52018a8028988ecc9daded409e
Utilizador
 tian (UID 93438)
Submissão07/04/2026 13h06 (há 21 dias)
Moderação26/04/2026 09h38 (19 days later)
EstadoAceite
Entrada VulDB359644 [D-Link DIR-825 até 3.00b32 miniupnpd upnpsoap.c AddPortMapping NewPortMappingDescription Excesso de tampão]
Pontos17

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!