CVE-2021-34863

Name of the Vulnerable Software and Affected Versions D-Link DAP-2020 version 1.01rc001

Description The issue is related to a stack-based buffer overflow when handling the var:page parameter provided to the "webproc" endpoint. This occurs due to the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations For D-Link DAP-2020 version 1.01rc001, as a temporary workaround, consider restricting access to the "webproc" endpoint until a patch is available. Avoid using the var:page parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.