fkie_cve-2012-10021
Vulnerability from fkie_nvd
Published
2025-07-31 15:15
Modified
2025-07-31 18:42
Severity ?
Summary
A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device.
References
Impacted products
Vendor | Product | Version |
---|
{ "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device." }, { "lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la pila en las versiones de firmware 1.12 y 1.13 del D-Link DIR-605L Wireless N300 Cloud Router mediante la funci\u00f3n getAuthCode(). La falla se debe al uso inseguro de sprintf() al procesar datos CAPTCHA proporcionados por el usuario mediante el par\u00e1metro FILECODE en /goform/formLogin. Un atacante remoto no autenticado puede explotar esto para ejecutar c\u00f3digo arbitrario con privilegios de root en el dispositivo." } ], "id": "CVE-2012-10021", "lastModified": "2025-07-31T18:42:37.870", "metrics": { "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "disclosure@vulncheck.com", "type": "Secondary" } ] }, "published": "2025-07-31T15:15:32.597", "references": [ { "source": "disclosure@vulncheck.com", "url": "https://forums.dlink.com/index.php?topic=51923.0" }, { "source": "disclosure@vulncheck.com", "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_dir605l_captcha_bof.rb" }, { "source": "disclosure@vulncheck.com", "url": "https://web.archive.org/web/20121012062554/http://www.devttys0.com/2012/10/exploiting-a-mips-stack-overflow/" }, { "source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/29127" }, { "source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/dlink-dir605l-captcha-handling-stack-based-buffer-overflow" } ], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": "disclosure@vulncheck.com", "type": "Secondary" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…