Submit #780238: D-Link DIR-816 1.10CNB05 Buffer Overflowinfo

TitleD-Link DIR-816 1.10CNB05 Buffer Overflow
DescriptionIn D-Link DIR-816 routers with firmware version 1.10CNB05, the s_ip parameter of route /goform/editassignment contains a buffer‑overflow vulnerability that can lead to denial‑of‑service and potentially remote command execution. There is a stack overflow vulnerability in the sub_42C178 function in DLink DIR816 firmware 1.10CNB05. The function sub_42C178, which is registered to handle the "editassignment" web form, accepts the s_ip parameter from a Web request via the variable Var. However, since the user has full control over the input and the strcat() function performs concatenation without any boundary checks to ensure the total string length does not exceed the target buffer's size, the statement strcat(v16, Var); leads to a stack-based buffer overflow. The cumulative length of the data already stored in the 1024-byte buffer v16 combined with the user-supplied IP address can easily exceed the array's capacity, thus overwriting the stack frame and the saved return address. This vulnerability can be exploited to achieve Remote Code Execution (RCE) or trigger a Denial of Service (DoS).
Source⚠️ https://github.com/shuqi233/loophole/blob/main/DLink%20DIR-816/editassignment-ip.md
User
 Anonymous User
Submission03/14/2026 16:39 (4 months ago)
Moderation03/30/2026 15:39 (16 days later)
StatusDuplicate
VulDB entry199340 [D-Link DIR-816 A2 1.10CNB04 /goform/editassignment MAC stack-based overflow]
Points0

Want to stay up to date on a daily basis?

Enable the mail alert feature now!