| Title | D-Link DI-8100 DI-8100-16.07.26A1 Stack-based Buffer Overflow |
|---|
| Description | In the ctxz_asp function of the jhttpd file of the DI_8100-16.07.26A1 firmware, control the incoming def, defTcp, defUdp, defIcmp, and defO parameters, and then the incoming parameters after sprintf, such as v31, v34, v37, v40, will be copied to v47 again (local variables are on the stack) through the following judgment assignment. But without control, it results in stack overflow, which may lead to denial of service or even command execution. |
|---|
| Source | ⚠️ https://github.com/Yhuanhuan01/DI-8100_Vulnerability_Report/blob/main/DI-8100-Vulnerability_Report_ctxz.md |
|---|
| User | huan (UID 84420) |
|---|
| Submission | 05/13/2025 14:00 (1 Year ago) |
|---|
| Moderation | 05/17/2025 08:14 (4 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 309436 [D-Link DI-8100 16.07.26A1 Connection Limit Page /ctxz.asp ctxz_asp def/defTcp/defUdp/defIcmp/defOther stack-based overflow] |
|---|
| Points | 20 |
|---|