PT-2019-8633 · D-Link · D-Link DCS-1130 +1

Mandar Satam · Published 2019-07-02 · Updated 2021-04-26 · CVE-2017-8410

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

D-Link DCS-1100 (affected versions not specified)
D-Link DCS-1130 (affected versions not specified)

Description

An issue was discovered in the binary rtspd in the /sbin folder of the devices, which handles all RTSP connections. At address 0x00011E34 the binary performs a memcpy of the value sent in the "Authorization: Basic" RTSP header into a buffer on the stack. The number of bytes to copy is calculated from the length of the string the client sends in that header, not from the size of the destination. As a result, memcpy copies more data than the stack buffer can hold and overwrites the saved registers of the caller function sub F6CC, corrupting memory. This buffer overflow gives control of the PC register and results in arbitrary code execution on the device.

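The length check that the copy described above lacks, as an added example that is not code from rtspd or from D-Link. The function name, the 64-byte buffer size and the sample requests are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CRED_BUF_SIZE 64 /* assumed; the advisory does not give the real buffer size */

/*
 * Copy the value of the "Authorization: Basic" header into out.
 * Returns the number of bytes copied, or -1 when the header is missing
 * or its value would not fit. Matching is case-sensitive for brevity.
 */
int copy_basic_credential(const char *request, char *out, size_t out_size)
{
    static const char prefix[] = "Authorization: Basic ";
    const char *value = strstr(request, prefix);
    size_t len;

    if (value == NULL || out_size == 0)
        return -1;
    value += sizeof(prefix) - 1;
    len = strcspn(value, "\r\n"); /* length is chosen by the client */

    /* The flaw described above is memcpy(out, value, len) without this test. */
    if (len >= out_size)
        return -1; /* reject; truncated credentials are useless anyway */

    memcpy(out, value, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    /* Constructed sample requests, not captured traffic. */
    const char *ok = "DESCRIBE rtsp://192.0.2.10/live RTSP/1.0\r\nCSeq: 2\r\n"
                     "Authorization: Basic dXNlcjpwYXNz\r\n\r\n";
    char big[512] = "Authorization: Basic ";
    char out[CRED_BUF_SIZE];

    memset(big + strlen(big), 'A', 300); /* oversized value */
    printf("normal:    %d\n", copy_basic_credential(ok, out, sizeof out));
    printf("oversized: %d\n", copy_basic_credential(big, out, sizeof out));
    return 0;
}
```

The destination size, not the client-supplied length, bounds the copy, and an oversized header is rejected outright instead of being truncated.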
Recommendations

For D-Link DCS-1100 and D-Link DCS-1130, consider disabling the rtspd binary in the /sbin folder as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2017-8410

Affected Products

D-Link Dcs-1100
D-Link Dcs-1130