Arbitrary Code Execution Vulnerability in D-Link DAP-1330 Routers
CVE-2021-34830

8.8HIGH

Key Information:

Vendor
D-link
Status
Dap-1330
Vendor
CVE Published:
15 July 2021

Summary

This vulnerability affects D-Link DAP-1330 routers, allowing network-adjacent attackers to execute arbitrary code without authentication. The flaw arises from improper validation of the Cookie HTTP header's length, which leads to a buffer overflow. This can be exploited to execute code within the device's context, posing significant security risks. Ensure your devices are updated to mitigate potential threats.

Affected Version(s)

DAP-1330 1.13B01 BETA

References

https://www.zerodayinitiative.com/advisories/ZDI-21-682/
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

chung96vn of Vietnam National Cyber Security Center (NCSC Vietnam)
.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.