Sign-up

ID

VAR-202507-2948


CVE

CVE-2012-10021


TITLE

D-Link Corporation  of  DIR-605L  Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-014669

DESCRIPTION

A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device. (DoS) It may be in a state. The D-Link DIR-605L is D-Link's first cloud router, designed for home and small office networks

Trust: 2.16

sources: NVD: CVE-2012-10021 // JVNDB: JVNDB-2025-014669 // CNVD: CNVD-2025-18479

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-18479

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-605lscope:lteversion:1.13

Trust: 1.0

vendor:dlinkmodel:dir-605lscope:gteversion:1.12

Trust: 1.0

vendor:d linkmodel:dir-605lscope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dir-605lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-605lscope:eqversion:dir-605l firmware 1.12 to 1.13

Trust: 0.8

vendor:youxunmodel:technology dir-605lscope:eqversion:1.12

Trust: 0.6

vendor:youxunmodel:technology dir-605lscope:eqversion:1.13

Trust: 0.6

sources: CNVD: CNVD-2025-18479 // JVNDB: JVNDB-2025-014669 // NVD: CVE-2012-10021

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-10021
value: CRITICAL

Trust: 1.0

disclosure@vulncheck.com: CVE-2012-10021
value: CRITICAL

Trust: 1.0

NVD: CVE-2012-10021
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-18479
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-18479
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2012-10021
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2012-10021
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-18479 // JVNDB: JVNDB-2025-014669 // NVD: CVE-2012-10021 // NVD: CVE-2012-10021

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-014669 // NVD: CVE-2012-10021

EXTERNAL IDS

db:NVDid:CVE-2012-10021

Trust: 3.2

db:EXPLOIT-DBid:29127

Trust: 1.8

db:JVNDBid:JVNDB-2025-014669

Trust: 0.8

db:CNVDid:CNVD-2025-18479

Trust: 0.6

sources: CNVD: CNVD-2025-18479 // JVNDB: JVNDB-2025-014669 // NVD: CVE-2012-10021

REFERENCES

url:https://forums.dlink.com/index.php?topic=51923.0

Trust: 2.4

url:https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_dir605l_captcha_bof.rb

Trust: 1.8

url:https://web.archive.org/web/20121012062554/http://www.devttys0.com/2012/10/exploiting-a-mips-stack-overflow/

Trust: 1.8

url:https://www.exploit-db.com/exploits/29127

Trust: 1.8

url:https://www.vulncheck.com/advisories/dlink-dir605l-captcha-handling-stack-based-buffer-overflow

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2012-10021

Trust: 0.8

sources: CNVD: CNVD-2025-18479 // JVNDB: JVNDB-2025-014669 // NVD: CVE-2012-10021

SOURCES

db:CNVDid:CNVD-2025-18479
db:JVNDBid:JVNDB-2025-014669
db:NVDid:CVE-2012-10021

LAST UPDATE DATE

2025-10-02T23:29:17.517000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-18479date:2025-08-14T00:00:00
db:JVNDBid:JVNDB-2025-014669date:2025-09-30T07:54:00
db:NVDid:CVE-2012-10021date:2025-09-23T17:45:55.843

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-18479date:2025-08-14T00:00:00
db:JVNDBid:JVNDB-2025-014669date:2025-09-30T00:00:00
db:NVDid:CVE-2012-10021date:2025-07-31T15:15:32.597