Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service.
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/305448 | us government resource vdb entry third party advisory |
| https://twitter.com/NCCGroupInfosec/status/845269159277723649 | third party advisory |
| https://www.nccgroup.trust/uk/our-research/d-link-dir-850l-web-admin-interface-vulnerable-to-stack-based-buffer-overflow/?research=Technical+advisories | third party advisory |
| http://www.securityfocus.com/bid/96747 | vdb entry third party advisory |
| https://tools.cisco.com/security/center/viewAlert.x?alertId=52967 | third party advisory patch |