D-Link DIR routers contain a stack-based buffer overflow vulnerability, which may allow a remote attack to execute arbitrary code.
CWE-121: Stack-based Buffer Overflow - CVE-2016-5681
A stack-based buffer overflow occurs in the function within the cgibin binary which validates the session cookie.
This function allows a buffer overflow condition in which arbitrary code may be executed. The impact may vary depending on if the use case is local or remote.
Thanks to Daniel Romero @daniel_rome (NCC Group) for reporting this vulnerability.
This document was written by Trent Novelly.
|Date First Published:||2016-08-11|
|Date Last Updated:||2016-08-12 19:04 UTC|