PT-2021-5582 · D Link · D-Link Dir-809

Lnkvct

Published

2021-01-12

Updated

2021-12-03

CVE-2021-33267

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions D-Link DIR-809 devices with firmware through DIR-809Ax FW1.12WWB03 20190410

Description A stack buffer overflow issue exists in the function FUN 80034d60 in the /formStaticDHCP endpoint. This issue can be triggered via a crafted POST request, potentially allowing a remote attacker to execute arbitrary code in the system.

Recommendations For D-Link DIR-809 devices with firmware through DIR-809Ax FW1.12WWB03 20190410, consider disabling access to the /formStaticDHCP endpoint until a patch is available. As a temporary workaround, restrict the use of the FUN 80034d60 function to minimize the risk of exploitation. Avoid using the /formStaticDHCP endpoint with crafted POST requests until the issue is resolved.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2022-00012

CVE-2021-33267

Affected Products

D-Link Dir-809

PT-2021-5582 · D Link · D-Link Dir-809

CVE-2021-33267

Weakness Enumeration

Related Identifiers

Affected Products

References · 8