N/A

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAP_AUTH HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12065.

N/A

未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)

D-Link DAP-1330 缓冲区错误漏洞

D-Link DAP-1330是中国台湾友讯（D-Link）公司的网络设备一个WIFI设备。 D-Link DAP-1330存在缓冲区错误漏洞，该漏洞源于在将用户提供的数据复制到固定长度缓冲区之前没有对其长度进行适当验证造成的。利用该漏洞可以在路由器上执行任意代码。

N/A

N/A