Stack-based Buffer Overflow in D-Link DIR-806 Devices via HTTP Header

CVE-2019-10892 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

An issue was discovered in D-Link DIR-806 devices. There is a stack-based buffer overflow in the function hnap_main at /htdocs/cgibin. The function calls sprintf without checking the length of the strings it receives as parameters. Those strings come from an HTTP header and are controlled by the user, so a special HTTP header leads to a stack-based buffer overflow.
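The unchecked sprintf pattern described above, shown beside a bounded alternative. This is an added C example, not D-Link's code and not part of the original advisory; the 128-byte buffer, the `action=%s` format string and every function name are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_LEN 128 /* assumed size; the advisory gives no buffer size */

/* Pattern the advisory describes: sprintf into a fixed stack buffer with no
 * length check on a header-derived string. For comparison only, never called. */
void format_unchecked(const char *header_value)
{
    char buf[BUF_LEN];
    sprintf(buf, "action=%s", header_value); /* writes past buf on long input */
    puts(buf);
}

/* Hardened form: bounded write, and truncation is treated as a rejected
 * request. Returns 0 on success, -1 on missing or oversized input. */
int format_checked(const char *header_value, char *out, size_t out_len)
{
    char buf[BUF_LEN];

    if (header_value == NULL || out == NULL)
        return -1;
    int n = snprintf(buf, sizeof buf, "action=%s", header_value);
    if (n < 0 || (size_t)n >= sizeof buf || (size_t)n >= out_len)
        return -1; /* would not fit: reject instead of processing a cut value */
    memcpy(out, buf, (size_t)n + 1);
    return 0;
}

/* Builds a constructed header value of `len` bytes and returns the verdict. */
int check_with_length(size_t len)
{
    char out[BUF_LEN];
    char *value = malloc(len + 1);
    if (value == NULL)
        return -2;
    memset(value, 'A', len);
    value[len] = '\0';
    int rc = format_checked(value, out, sizeof out);
    free(value);
    return rc;
}

int main(void)
{
    printf("16: %d, 4096: %d\n", check_with_length(16), check_with_length(4096));
    return 0;
}
```

Rejecting on truncation, rather than silently continuing with a shortened string, keeps later parsing from acting on a value the client never sent in full.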