CVE-2018-17067

Name of the Vulnerable Software and Affected Versions D-Link DIR-816 A2 version 1.10 B05

Description The issue is related to a stack-based buffer overflow that can occur when a very long password is sent to the /goform/formLogin endpoint. This can lead to overwriting the return address. The vulnerability is also described as a buffer overflow in the /goform/Diagnosis component of the D-Link DIR-816 A2 router's firmware, which can allow a remote attacker to execute arbitrary code.

Recommendations For D-Link DIR-816 A2 version 1.10 B05, consider restricting access to the /goform/formLogin and /goform/Diagnosis endpoints to minimize the risk of exploitation. Avoid using very long passwords in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.