1.12Wwb03

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

dlink

CWE-787

critical

NVD

Published: 2021-12-01

Updated: 2021-12-03

Summary

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request.

Vulnerable Configurations

Part	Description	Count
OS	Dlink Dlink DIR 809 Firmware 1.00 Dlink DIR 809 Firmware 1.02 Dlink DIR 809 Firmware 1.12Wwb03	3
Hardware	Dlink Dlink DIR 809 -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.dlink.com/en/security-bulletin/
https://github.com/Lnkvct/IoT-poc/tree/master/D-Link-DIR809/vuln07