Stack-based Buffer Overflow in D-Link DIR-100 Routers
CVE-2013-6027
Currently unrated
Summary
The D-Link DIR-100 router is susceptible to a stack-based buffer overflow in the RuntimeDiagnosticPing function, which is located in the /bin/webs executable. This vulnerability may allow authenticated remote administrators to execute arbitrary commands. Specifically, by sending a specially crafted long set/runtime/diagnostic/pingIp parameter to the Tools/tools_misc.xgi endpoint, an attacker can manipulate the execution flow of the router's firmware, potentially leading to unauthorized access and control. Timely patching and network monitoring are crucial to mitigate risks associated with this vulnerability.
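For the network-monitoring side of the summary, the following is an added example (not D-Link's code and not part of the original advisory) that flags requests to Tools/tools_misc.xgi whose set/runtime/diagnostic/pingIp value is oversized or is not an IPv4 address. It assumes the parameter travels in the query string of request lines taken from a proxy or IDS HTTP log, and that a legitimate value is a dotted-quad IPv4 address; the function names and the sample lines are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/tools/tools_misc.xgi"          # compared case-insensitively
PARAM = "set/runtime/diagnostic/pingIp"     # parameter named in the advisory
MAX_IPV4_LEN = len("255.255.255.255")       # assumption: value should be an IPv4 address

def classify(request_line):
    """Return a finding string for a suspicious request line, else None."""
    parts = request_line.split()
    if len(parts) < 2:
        return None
    url = urlsplit(parts[1])
    if url.path.lower() != ENDPOINT:
        return None
    # parse_qsl percent-decodes keys and values, so encoded slashes still match.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key != PARAM:
            continue
        if len(value) > MAX_IPV4_LEN:
            return f"oversized pingIp ({len(value)} chars)"
        try:
            ipaddress.IPv4Address(value)
        except ValueError:
            return "pingIp is not an IPv4 address"
    return None

def scan(lines):
    """Return (line_number, finding) for every flagged request line."""
    hits = []
    for n, line in enumerate(lines, 1):
        finding = classify(line)
        if finding:
            hits.append((n, finding))
    return hits

# Constructed sample request lines (not captured traffic).
SAMPLE = [
    "GET /Tools/tools_misc.xgi?set/runtime/diagnostic/pingIp=192.168.0.1 HTTP/1.1",
    "GET /Tools/tools_misc.xgi?set/runtime/diagnostic/pingIp=" + "1" * 300 + " HTTP/1.1",
    "GET /index.htm HTTP/1.1",
    "GET /Tools/tools_misc.xgi?set%2Fruntime%2Fdiagnostic%2FpingIp=router.local HTTP/1.1",
]

if __name__ == "__main__":
    for lineno, finding in scan(SAMPLE):
        print(f"line {lineno}: {finding}")
```

Because the advisory states that exploitation requires an authenticated administrator, a hit from this check is also a reason to review who holds admin credentials on the device.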
References
Timeline
Vulnerability Reserved
Vulnerability published