Arbitrary Code Execution Vulnerability in D-Link DAP-1330 Routers
CVE-2021-34829
8.8HIGH
What is CVE-2021-34829?
Network-adjacent attackers can exploit a flaw in the D-Link DAP-1330 router that arises from improper validation of the HNAP_AUTH HTTP header. This vulnerability allows attackers to execute arbitrary code without requiring authentication, compromising the device's integrity. The issue is due to insufficient checks on the length of user-supplied data, which leads to a buffer overflow. Users are advised to update their router to the latest firmware to mitigate this risk.
Affected Version(s)
DAP-1330 1.13B01 BETA