| tiêu đề | DLink dhp-1320 A1 v1.00WWB04 Stack-based Buffer Overflow |
|---|
| Mô tả | The device's httpd service contains a stack-based buffer overflow vulnerability in its handling of SOAP-type CGI requests. When processing requests with the SOAPACTION: HNAP1 header, the function redirect_count_down_page() is invoked. This function utilizes unbounded string manipulation functions such as sprintf and strcpy to concatenate externally controlled input—including NVRAM configuration values and unsanitized data from SOAP requests—into a fixed-length stack buffer (e.g., char v83[1024], as identified through IDA Pro decompilation). Critically, no length validation or bounds checking is performed on the input data throughout this process. An attacker can trigger this vulnerability by crafting a malicious SOAP HTTP request featuring: (i) a valid SOAPACTION: HNAP1 header, (ii) a negative Content-Length header value, and (iii) an oversized payload of controlled data of sufficient length. Upon sending this request to the device's httpd service, a stack buffer overflow occurs, corrupting subsequent stack memory regions including the function's return address and resulting in immediate process crash. |
|---|
| Nguồn | ⚠️ https://github.com/xiaobor123/vul-finds/tree/main/vul-find-dhp1320-dlink |
|---|
| Người dùng | xiaobor123 (UID 76914) |
|---|
| Đệ trình | 06/03/2026 13:18 (cách đây 2 các tháng) |
|---|
| Kiểm duyệt | 21/03/2026 08:42 (15 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 352317 [D-Link DHP-1320 1.00WWB04 SOAP redirect_count_down_page tràn bộ đệm] |
|---|
| điểm | 20 |
|---|