| Title | D-Link DIR-513 1.10 Buffer Overflow |
|---|
| Description | The DIR-513 device's web service, implemented via the boa program, initializes through the websAspInitfunction which registers callback APIs. A POST request to /goform/formSetWanL2TPtriggers the formSetWanL2TPcallback function. This function retrieves the curTimeparameter from the request body and passes it unsanitized to sprintf(v11, "%s?t=%s", last_url, Var), where it gets concatenated into a stack buffer. Due to missing length validation, an oversized curTimevalue triggers a stack overflow that may crash the service (DoS) or, with further exploitation, grant shell access. |
|---|
| Source | ⚠️ https://github.com/InfiniteLin/Lin-s-CVEdb/blob/main/DIR-513/formSetWanPPTP.md |
|---|
| User | AttackingLin (UID 88138) |
|---|
| Submission | 07/25/2025 04:41 (9 months ago) |
|---|
| Moderation | 07/25/2025 10:36 (6 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 317597 [D-Link DIR-513 up to 1.10 HTTP POST Request formSetWanL2TPtriggers formSetWanL2TPcallback stack-based overflow] |
|---|
| Points | 20 |
|---|