The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.
The vulnerability (CWE-121, CWE-787) consists of a stack-based buffer overflow in the router's web service. An attacker can send a specially crafted network request that causes data to be written beyond the boundaries of the allocated buffer in stack memory. This makes it possible to overwrite critical control structures and redirect program execution flow, which effectively leads to arbitrary code execution.
An unauthenticated remote attacker can execute arbitrary code on the vulnerable device, which in practice means complete takeover of the router, ability to modify its configuration, intercept network traffic, or use the device as an entry point to the local network.
Security patches available from the manufacturer should be applied in accordance with references published by TWCERT (https://www.twcert.org.tw/en/cp-139-8083-a299e-2.html). It is also recommended to restrict access to the router's web interface exclusively to trusted hosts and disable remote management over the Internet until the patch is installed.
D-Link DIR-X4860 wireless routers — specific firmware versions indicated in manufacturer references (TWCERT)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Dir X4860
HWDlinka1Dlink Dir X4860 Firmware
OSDlink1.001.04
Related vulnerabilities
Stack-based Buffer Overflow w routerach D-Link DIR-X5460 umożliwiający RCE
D-Link DIR-X4860 — ukryta usługa telnet z zakodowanymi danymi logowania
D-Link DIR-X4860: command injection przez telnet z użyciem zakodowanych poświadczeń
Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web...
D-Link DNS-320L/325/327L/340L — zakodowane na stałe poświadczenia (hard-coded credentials)