ID

VAR-201007-0355


TITLE

D-Link DAP-1160 Web Management Interface 'formFilter()' Function Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2010-1326

DESCRIPTION

The D-Link DAP-1160 is a small wireless AP. The device configuration can be changed by sending a correctly formatted POST request to the following URL: http://IP_ADDR/apply.cgi?formhandler_func, where IP_ADDR is the device IP address and formhandler_func is the function that completes the task by processing the POST parameters in the request body. One of these handlers, formFilter(), performs URL filtering operations on specific URLs. The URL, supplied through the web page or in a properly formatted POST request, is copied to a fixed-size stack buffer. A buffer overflow can be triggered if a very long URL is provided. The D-Link DAP-1160 Web Administration Interface is prone to a remote buffer overflow vulnerability. Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions. D-Link DAP-1160 devices running firmware v120b06, v130b10, and v131b01 are vulnerable.

Trust: 0.81

sources: CNVD: CNVD-2010-1326 // BID: 41661

IOT TAXONOMY

category: ['IoT', 'Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-1326

AFFECTED PRODUCTS

vendor: d link | model: dap-1160 1.20b06 | scope: - | version: -

Trust: 0.9

vendor: d link | model: dap-1160 1.30b10 | scope: - | version: -

Trust: 0.9

vendor: d link | model: dap-1160 1.31b01 | scope: - | version: -

Trust: 0.9

vendor: d link | model: dap-1160 | scope: eq | version: 0

Trust: 0.3

sources: CNVD: CNVD-2010-1326 // BID: 41661

THREAT TYPE

network

Trust: 0.3

sources: BID: 41661

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 41661

EXTERNAL IDS

db: BID | id: 41661

Trust: 0.9

db: CNVD | id: CNVD-2010-1326

Trust: 0.6

sources: CNVD: CNVD-2010-1326 // BID: 41661

REFERENCES

url:http://seclists.org/fulldisclosure/2010/jul/200

Trust: 0.6

url:http://www.dlink.com/

Trust: 0.3

sources: CNVD: CNVD-2010-1326 // BID: 41661

CREDITS

Cristofaro Mune

Trust: 0.3

sources: BID: 41661

SOURCES

db: CNVD | id: CNVD-2010-1326
db: BID | id: 41661

LAST UPDATE DATE

2022-05-17T02:00:14.845000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2010-1326 | date: 2010-07-14T00:00:00
db: BID | id: 41661 | date: 2010-07-14T20:46:00

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2010-1326 | date: 2010-07-14T00:00:00
db: BID | id: 41661 | date: 2010-07-14T00:00:00