CVE-2018-20056

Name of the Vulnerable Software and Affected Versions D-Link DIR-619L Rev.B version 2.06B1 D-Link DIR-605L Rev.B version 2.12B1 D-Link DIR-823G (affected versions not specified)

Description An issue exists in the /bin/boa component of D-Link routers, allowing remote attackers to execute arbitrary code without authentication. This is due to a stack-based buffer overflow vulnerability that can be exploited via the currTime parameter in the "goform/formLanguageChange" endpoint. The vulnerability may allow an attacker to execute arbitrary code remotely.

Recommendations For D-Link DIR-619L Rev.B version 2.06B1, consider disabling the /bin/boa component until a patch is available. For D-Link DIR-605L Rev.B version 2.12B1, restrict access to the "goform/formLanguageChange" endpoint to minimize the risk of exploitation. For D-Link DIR-823G, at the moment, there is no information about a newer version that contains a fix for this vulnerability.