Stack-Based Buffer Overflow in D-Link DIR-615Jx10 Devices
CVE-2020-9535

8.8HIGH

Key Information:

Vendor: D-Link
Status: Dir-615jx10 Firmware
Vendor: CVE Published:; 2 March 2020

What is CVE-2020-9535?

The D-Link DIR-615Jx10 device is vulnerable to a stack-based buffer overflow due to improper handling of input on the formWlanSetup_Wizard webpage. When the f_radius_ip1 parameter is supplied with malformed data, it can lead to potential remote exploitation, allowing attackers to execute arbitrary code or disrupt the device's functionality. This vulnerability highlights the importance of proper validation and sanitization of user inputs in web-based management interfaces.

References

https://github.com/ladinas/Vulns_of_Embedded_Systems/blob...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 2, 2020
Vulnerability Reserved
Mar 1, 2020