Vulnerabilities > CVE-2020-8962 - Out-of-bounds Write vulnerability in Dlink Dir-842 Firmware 3.13B09

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

dlink

CWE-787

critical

NVD

Published: 2020-02-13

Updated: 2020-02-18

Summary

A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint.

Vulnerable Configurations

Part	Description	Count
OS	Dlink Dlink DIR 842 Firmware 3.13B09	1
Hardware	Dlink Dlink DIR 842 C	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://ctrsec.io/index.php/2020/02/12/cve-2020-8962-d-link-dir-842-stack-based-buffer-overflow/