Stack-Based Buffer Overflow in D-Link DIR-605L Wireless N300 Cloud Router
CVE-2012-10021
Key Information:
Badges
What is CVE-2012-10021?
A stack-based buffer overflow vulnerability is present in the firmware of the D-Link DIR-605L Wireless N300 Cloud Router. This flaw arises from the unsafe handling of user-supplied CAPTCHA data in the getAuthCode() function, specifically through the FILECODE parameter in the formLogin endpoint. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary code with root privileges on the affected device, potentially compromising the security and integrity of the system.
Affected Version(s)
DIR-605L 1.12 <= 1.13
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved