N/A

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13796.

N/A

栈缓冲区溢出

D-Link 多款路由器缓冲区错误漏洞

D-Link DIR-878等都是中国友讯（D-Link）公司的一款无线路由器。 D-Link 多款路由器存在安全漏洞，该漏洞源于路由器中使用的 lighttpd 服务在将用户输入信息复制到特定缓冲区之前，未对输入信息进行长度验证。处于相邻网络的攻击者利用该漏洞可以执行任意代码。以下产品及版本受到影响：D-Link DIR-867,DIR-878,DIR-882。

N/A

N/A