D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEnableWizard.
The vulnerability results from the lack of proper verification of input data length (CWE-120 – classic buffer overflow). The attacker sends a specially crafted request to the device containing an excessively long value of the curTime parameter, which causes a buffer overflow in the formSetEnableWizard function. Due to the network vector (AV:N), lack of authentication requirements (PR:N) and no need for user interaction (UI:N), the attack can be performed remotely without any privileges.
Successful exploitation of the vulnerability may lead to arbitrary code execution on the device (RCE), and consequently to complete takeover of the router, loss of confidentiality, integrity and availability of the system.
Apply patches available from the manufacturer according to the references. Until the patch is applied, it is recommended to restrict access to the device management interface exclusively to trusted hosts and disable remote access to the administrative panel from the WAN network side.
D-Link DIR-600L series Ax with firmware version FW116WWb01
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Dir 600l
HWDlinka1Dlink Dir 600l Firmware
OSDlink1.16wwb01
Related vulnerabilities
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInt...
Hardcoded backdoor telnet w D-Link DIR-600L — nieautoryzowany dostęp root
D-Link DIR-600L A1: hardcoded backdoor telnet z dostępem root
Buffer overflow w D-Link DIR-600L przez parametr curTime
Buffer overflow w D-Link DIR-600L — podatność krytyczna RCE