Remote Code Execution Vulnerability in D-Link DIR-816 A2 Products
CVE-2018-20305
9.8CRITICAL
What is CVE-2018-20305?
D-Link DIR-816 A2 devices running firmware version 1.10 B05 are susceptible to a serious vulnerability that allows for arbitrary remote code execution. This issue arises due to a stack-based buffer overflow that occurs when processing the newpass parameter in the /goform/form2userconfig.cgi handler. An attacker can exploit this flaw by sending a specially crafted long password, which can overwrite a return address and lead to the execution of malicious code without requiring authentication, thereby exposing users to significant risks.