CERT Coordination Center


D-Link routers contain buffer overflow vulnerability

Vulnerability Note VU#332115

Original Release Date: 2016-08-11 | Last Revised: 2016-08-12

Overview

D-Link DIR routers contain a stack-based buffer overflow vulnerability, which may allow a remote attacker to execute arbitrary code.

Description

CWE-121: Stack-based Buffer Overflow - CVE-2016-5681

A stack-based buffer overflow occurs in the function within the cgibin binary which validates the session cookie.
This function is used by a service which is exposed to the WAN network on port 8181 by default.
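
This note does not show the cgibin code, so the following is an added illustration of the CWE-121 pattern in a cookie-validating routine beside a hardened form; it is not D-Link's code. The cookie name, length limit, allowed character set and function names are all assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define SID_MAX 32              /* assumed maximum session-id length */
#define COOKIE_NAME "session="  /* hypothetical cookie name */

/* Find the cookie value in a Cookie header; *len gets its length. */
static const char *find_value(const char *hdr, size_t *len) {
    const char *p = hdr;
    size_t nlen = strlen(COOKIE_NAME);
    while (p && *p) {
        while (*p == ' ' || *p == ';') p++;       /* skip separators */
        if (strncmp(p, COOKIE_NAME, nlen) == 0) {
            *len = strcspn(p + nlen, ";");
            return p + nlen;
        }
        p = strchr(p, ';');                        /* next name=value pair */
    }
    return NULL;
}

/* BEFORE: copy length comes from the request, not the destination, so a
   long value overruns sid[] on the stack (CWE-121). Never called here. */
int check_session_unsafe(const char *hdr) {
    char sid[SID_MAX + 1];
    size_t len;
    const char *v = find_value(hdr, &len);
    if (!v) return -1;
    memcpy(sid, v, len);                           /* missing bound check */
    sid[len] = '\0';
    return sid[0] ? 0 : -1;
}

/* AFTER: reject over-long or malformed values before any copy. */
int check_session_safe(const char *hdr, char *out, size_t out_sz) {
    size_t len = 0, i;
    const char *v = hdr ? find_value(hdr, &len) : NULL;
    if (!v || len == 0 || len > SID_MAX || len >= out_sz) return -1;
    for (i = 0; i < len; i++)                      /* assumed format: alphanumeric */
        if (!isalnum((unsigned char)v[i])) return -1;
    memcpy(out, v, len);
    out[len] = '\0';
    return 0;
}

int main(void) {
    char sid[SID_MAX + 1];                         /* header below is constructed */
    return check_session_safe("lang=en; session=abc123", sid, sizeof sid);
}
```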

CVE-2016-5681 has been confirmed to affect:

    • DIR-850L B1
    • DIR-822 A1
    • DIR-823 A1
    • DIR-895L A1
    • DIR-890L A1
    • DIR-885L A1
    • DIR-880L A1
    • DIR-868L B1
    • DIR-868L C1
    • DIR-817L(W)
    • DIR-818L(W)

Impact

The vulnerable function allows a buffer overflow condition in which arbitrary code may be executed. The impact may vary depending on whether the use case is local or remote.

Solution

Apply Updates
D-Link has provided firmware updates for the affected devices. Please see their public advisory for links to the updated firmware.

Restrict Access

As a general good security practice, only allow connections from trusted hosts and networks.

Vendor Information

D-Link Systems, Inc.

Notified: July 07, 2016 | Updated: August 09, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group          Score  Vector
Base           9.3    AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal       8.4    E:POC/RL:ND/RC:C
Environmental  6.3    CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

Credit

Thanks to Daniel Romero @daniel_rome (NCC Group) for reporting this vulnerability.

This document was written by Trent Novelly.

Other Information

CVE IDs: CVE-2016-5681
Date Public: 2016-08-11
Date First Published: 2016-08-11
Date Last Updated: 2016-08-12 19:04 UTC
Document Revision: 15

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.