Stack-based Buffer Overflow in D-Link Router UPnP Service
CVE-2006-3687

Currently unrated

Key Information:

Vendor

D-link
Status
Wbr-1310 Wireless G Router
Di-604 Broadband Router
Di-784
Ebr-2310 Ethernet Broadband Router
Vendor
CVE Published:
21 July 2006

What is CVE-2006-3687?

A stack-based buffer overflow exists within the Universal Plug and Play (UPnP) service of various D-Link routers, including models DI-524, DI-604, DI-624, DI-784, WBR-1310, WBR-2310, and EBR-2310. This vulnerability allows remote attackers to exploit the UPnP service via specially crafted M-SEARCH requests sent to UDP port 1900, potentially leading to arbitrary code execution on the affected devices.

References

http://archives.neohapsis.com/archives/fulldisclosure/200...
mailing-listx_refsource_FULLDISC
http://www.securityfocus.com/archive/1/440298/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/440852/100/100/thr...
mailing-listx_refsource_BUGTRAQ

EPSS Score

20% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.