OSVDB ID: 86824

Title: D-Link Wireless N300 Cloud Router CAPTCHA Data HTTP Request Parsing Remote Overflow

Info

Disclosure

Oct 08, 2012

Discovery

Unknown

Dates

Exploit

Oct 08, 2012

Solution

Unknown

Description

D-Link Wireless N300 Cloud Router is prone to an overflow condition. The web server fails to properly sanitize user-supplied input during the parsing of CAPTCHA data resulting in a stack-based buffer overflow. With a specially crafted HTTP request, a remote attacker can potentially execute arbitrary code.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

D-Link Corporation/D-Link Systems, Inc.	Wireless N300 Cloud Router	1.10
		1.12

References

Secunia Advisory ID: 51075
Other Advisory URL: http://www.devttys0.com/2012/10/exploiting-a-mips-stack-overflow/
Vendor URL: http://www.dlink.com/us/en/home-solutions/connect/routers/dir-605l-wireless-n-300-home-cloud-router/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86824

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

D-Link Corporation/D-Link Systems, Inc.

Wireless N300 Cloud Router

References

Credit