D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52.
The attacker sends a specially crafted network request to the device containing an excessively long value of the curTime parameter, handled by the formSetWAN_Wizard52 function. Due to lack of proper validation of input data length (CWE-120 — classic buffer overflow), the data overflows the allocated buffer in memory. This results in overwriting adjacent memory areas, which can lead to arbitrary code execution by the attacker.
An unauthenticated remote attacker can gain full control over the device, including the ability to read and modify configuration, as well as execute arbitrary code (RCE) with system privileges. The confidentiality, integrity, and availability of the device are at risk.
Manufacturer patches should be applied according to the references. If an update is not available, it is recommended to isolate the device from the public network, disable remote management via WAN, and consider replacing the device with an actively supported model.
D-Link DIR-600L with firmware version Ax FW116WWb01
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Dir 600l
HWDlinka1Dlink Dir 600l Firmware
OSDlink1.16wwb01
Related vulnerabilities
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInt...
Hardcoded backdoor telnet w D-Link DIR-600L — nieautoryzowany dostęp root
D-Link DIR-600L A1: hardcoded backdoor telnet z dostępem root
Buffer overflow w D-Link DIR-600L przez parametr curTime
Buffer overflow w D-Link DIR600L – parametr curTime w formSetEnableWizard