Vulnerability Note VU#332115
D-Link routers contain buffer overflow vulnerability
D-Link DIR routers contain a stack-based buffer overflow vulnerability, which may allow a remote attacker to execute arbitrary code.
CWE-121: Stack-based Buffer Overflow - CVE-2016-5681
A stack-based buffer overflow occurs in the function within the cgibin binary which validates the session cookie.
This function allows a buffer overflow condition in which arbitrary code may be executed. The impact may vary depending on whether the use case is local or remote.
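The note does not publish the affected code. As an added illustration of the mitigation for CWE-121 in a cookie-validation routine (not D-Link's code and not part of the original note), the following C routine extracts a cookie value into a fixed-size stack buffer and rejects over-long input before any copy takes place. The cookie name `session`, the limit `SESSION_MAX` and both function names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define SESSION_MAX 32  /* assumed maximum session-id length (hypothetical) */

/* Copy the value of cookie `name` from a Cookie header into out[out_len].
 * Returns the value length, or -1 if the cookie is absent, empty, or would
 * not fit. An over-long value is rejected, never truncated or copied. */
int get_cookie_value(const char *header, const char *name,
                     char *out, size_t out_len)
{
    if (!header || !name || !out || out_len == 0)
        return -1;
    size_t name_len = strlen(name);
    const char *p = header;
    while (*p) {
        while (*p == ' ' || *p == ';')      /* skip separators */
            p++;
        const char *end = strchr(p, ';');   /* end of this name=value pair */
        if (!end)
            end = p + strlen(p);
        if ((size_t)(end - p) > name_len &&
            strncmp(p, name, name_len) == 0 && p[name_len] == '=') {
            const char *val = p + name_len + 1;
            size_t val_len = (size_t)(end - val);
            if (val_len == 0 || val_len >= out_len)
                return -1;                  /* length check before the copy */
            memcpy(out, val, val_len);
            out[val_len] = '\0';
            return (int)val_len;
        }
        p = end;
    }
    return -1;
}

/* Stand-in for a validation step: the id is held in a fixed-size stack buffer. */
int session_cookie_ok(const char *header)
{
    char sid[SESSION_MAX + 1];
    return get_cookie_value(header, "session", sid, sizeof sid) > 0;
}
```

The length comparison happens against the destination size passed by the caller, so the same routine stays safe if the buffer size changes.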
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
| --- | --- | --- | --- |
| D-Link Systems, Inc. | Affected | 07 Jul 2016 | 09 Aug 2016 |
Thanks to Daniel Romero @daniel_rome (NCC Group) for reporting this vulnerability.
This document was written by Trent Novelly.
- CVE IDs: CVE-2016-5681
- Date Public: 11 Aug 2016
- Date First Published: 11 Aug 2016
- Date Last Updated: 12 Aug 2016
- Document Revision: 15