Lx-66-Lx

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M960 version 1.01.07 **Description** A stack-based buffer overflow exists in the D-Link DWR-M960 router. This issue is located within the `sub 4196C4` function of the `/boafrm/formVpnConfigSetup` component, which manages VPN configuration setup. The vulnerability is triggered by manipulating the `submit-url` argument. The attack can be carried out remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M960 version 1.01.07 **Description** A flaw exists in the D-Link DWR-M960 that allows manipulation of the `url` argument within the `sub 44E0F8` function of the `/boafrm/formNewSchedule` file, leading to a stack-based buffer overflow. Remote exploitation is possible. The exploit is publicly available. **Recommendations** As a temporary workaround, consider restricting access to the `/boafrm/formNewSchedule` file to minimize the risk of exploitation. Avoid using the `url` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M960 version 1.01.07 **Description** A flaw exists in the D-Link DWR-M960 router firmware that allows for remote exploitation. The issue is located within the `sub 42B5A0` function of the `/boafrm/formBridgeVlan` component, specifically in the Bridge VLAN Configuration Endpoint. Manipulation of the `submit-url` argument can lead to a stack-based buffer overflow. The exploit is publicly available. **Recommendations** Versions prior to 1.01.07 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M960 version 1.01.07 **Description** A stack-based buffer overflow exists in the D-Link DWR-M960 router firmware. This issue is located within the `sub 452CCC` function of the `/boafrm/formWlEncrypt` file, which is part of the WLAN Encryption Configuration Endpoint. Manipulation of the `submit-url` argument can trigger the overflow. The attack can be launched remotely. The exploit has been made public. **Recommendations** Update to a newer version of the DWR-M960 firmware that addresses this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M960 version 1.01.07 **Description** A flaw exists in the D-Link DWR-M960 that allows for a stack-based buffer overflow. This issue is located within the `sub 460F30` function of the `/boafrm/formDateReboot` file, part of the Scheduled Reboot Configuration Endpoint. The `submit-url` argument can be manipulated to trigger the overflow, and the attack can be carried out remotely. The exploit for this issue has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M960 version 1.01.07 **Description** A security issue has been identified in the D-Link DWR-M960. The issue is a stack-based buffer overflow within the `sub 457C5C` function located in the `/boafrm/formWsc` file. Manipulation of the `save apply` argument can trigger this overflow, allowing for remote exploitation. The exploit has been publicly disclosed. **Recommendations** Update to a newer version of the DWR-M960 firmware that addresses this vulnerability. As a temporary workaround, consider restricting access to the `/boafrm/formWsc` component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M960 version 1.01.07 **Description** A flaw exists in the D-Link DWR-M960 router, specifically in the function `sub 427D74` located within the `/boafrm/formIpQoS` component. Manipulation of the `submit-url` argument can lead to a stack-based buffer overflow. This allows for remote execution of code or a denial-of-service condition. The exploit for this issue has been publicly disclosed. **Recommendations** Update to a newer version of the DWR-M960 router that addresses this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M960 version 1.01.07 **Description** A flaw exists in the D-Link DWR-M960 router, specifically in the `sub 46385C` function within the `/boafrm/formDosCfg` module. Manipulation of the `submit-url` argument can lead to a stack-based buffer overflow. Remote exploitation is possible. The exploit has been made public. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M960 version 1.01.07 **Description** A flaw exists in the D-Link DWR-M960 router, specifically in version 1.01.07. The issue is located within the `sub 4611CC` function of the `/boafrm/formNtp` component, which manages NTP (Network Time Protocol) configuration. Manipulation of the `submit-url` argument in the NTP Configuration Endpoint can lead to a stack-based buffer overflow. This allows remote attackers to potentially execute code or cause a denial-of-service condition. The API endpoint involved is `/boafrm/formNtp`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M960 version 1.01.07 **Description** A security flaw exists in D-Link DWR-M960 version 1.01.07. The issue is a stack-based buffer overflow that occurs due to manipulation of the `submit-url` argument within the `formIpv6Setup` file and the `sub 469104` function. This can be exploited remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M960 version 1.01.07 **Description** A flaw exists in the D-Link DWR-M960, specifically within the Filter Configuration Endpoint. The issue resides in the `sub 424AFC` function of the `/boafrm/formFilter` file. Manipulation of the `submit-url` argument can lead to a stack-based buffer overflow. This issue can be exploited remotely. The exploit has been publicly released. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the Filter Configuration Endpoint.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M960 version 1.01.07 **Description** A stack-based buffer overflow exists in the D-Link DWR-M960 router. The issue affects the function `sub 453140` within the `/boafrm/formWlAc` component of the Wireless Access Control Endpoint. Manipulation of the `submit-url` argument can trigger the overflow. Remote exploitation is possible. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M960 version 1.01.07 **Description** A flaw exists in the D-Link DWR-M960 router firmware. The issue is located in the `sub 468D64` function within the `/boafrm/formDhcpv6s` module. Manipulation of the `submit-url` argument can lead to a stack-based buffer overflow, potentially allowing for remote code execution. The exploit for this issue has been published. **Recommendations** Update to a newer version of the DWR-M960 firmware that addresses this vulnerability. As a temporary workaround, consider restricting access to the `/boafrm/formDhcpv6s` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M960 version 1.01.07 **Description** A flaw exists in the D-Link DWR-M960 router, specifically within the LTE Configuration Endpoint. The issue resides in the `sub 4237AC` function of the `/boafrm/formLteSetup` component. Manipulation of the `submit-url` argument can lead to a stack-based buffer overflow, allowing for remote exploitation. The exploit has been published and may be used. **Recommendations** Update to a newer version when available. As a temporary workaround, consider isolating the affected devices and monitoring for attacks.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M960 version 1.01.07 **Description** A flaw exists in the D-Link DWR-M960 router, specifically in version 1.01.07. This issue is located within the `sub 462590` function of the `/boafrm/formOpMode` component, which is part of the Operation Mode Configuration Endpoint. Remote attackers can exploit this by manipulating the `submit-url` argument, resulting in a stack-based buffer overflow. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M960 version 1.01.07 **Description** A stack-based buffer overflow exists in the D-Link DWR-M960 router. The issue is located in the `sub 462E14` function of the `/boafrm/formSysLog` component, which handles system log configuration. Manipulation of the `submit-url` argument triggers the overflow. The exploit is publicly available and can be initiated remotely. **Recommendations** Versions prior to 1.01.07 are vulnerable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M960 version 1.01.07 **Description** A stack-based buffer overflow exists in the Advanced Firewall Configuration Endpoint of the D-Link DWR-M960. The issue is located in the function `sub 425FF8` of the file `/boafrm/formFirewallAdv`. Manipulation of the `submit-url` argument can trigger the overflow. The attack can be launched remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M960 version 1.01.07 **Description** A flaw exists in the D-Link DWR-M960 router, specifically in the function `sub 41914C` within the `/boafrm/formWanConfigSetup` component, which manages WAN interface configuration. The issue allows a remote stack-based buffer overflow by manipulating the `submit-url` argument. This could lead to potential remote code execution. The exploit is publicly available. **Recommendations** Versions prior to 1.01.07 are vulnerable. As a temporary workaround, consider restricting access to the `/boafrm/formWanConfigSetup` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M960 version 1.01.07 **Description** A flaw exists in the D-Link DWR-M960 that could allow for remote compromise. The issue is located within the DDNS Settings Handler component, specifically in the `sub 4648F0` function of the `/boafrm/formDdns` file. Manipulation of the `submit-url` argument can trigger a stack-based buffer overflow. The details of the exploit have been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DWR-M960 version 1.01.07 **Description** A flaw exists in the Port Forwarding Configuration Endpoint of the D-Link DWR-M960. Specifically, the `sub 423E00` function within the `/boafrm/formPortFw` file is susceptible to a stack-based buffer overflow when the `submit-url` argument is manipulated. This could allow for remote exploitation. The details of the exploit have been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.