CVE-2017-8414

Name of the Vulnerable Software and Affected Versions D-Link DCS-1100 (affected versions not specified) D-Link DCS-1130 (affected versions not specified)

Description An issue was discovered on D-Link devices, where the binary orthrus in the /sbin folder handles UPnP connections. The binary performs a sprintf operation with the value in the command line parameter -f and stores it on the stack. Since there is no length check, this results in corrupting the registers for the function sub A098, leading to memory corruption.

Recommendations For D-Link DCS-1100, consider disabling the orthrus binary in the /sbin folder as a temporary workaround until a patch is available. For D-Link DCS-1130, consider disabling the orthrus binary in the /sbin folder as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.