CVE-2021-34862

Name of the Vulnerable Software and Affected Versions D-Link DAP-2020 version 1.01rc001

Description The issue is related to a stack-based buffer overflow when handling the var:menu parameter provided to the "webproc" endpoint. This occurs due to the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. No authentication is required to exploit this vulnerability.

Recommendations For D-Link DAP-2020 version 1.01rc001, as a temporary workaround, consider disabling the webproc endpoint until a patch is available. Restrict access to the var:menu parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.