# D-link DIR-600 Stack overflow vulnerability ## Overview - Vulnarable product: D-Link DIR-600 - Manufacturer's website information: https://www.dlink.com/ - Firmware download address: [https://www.dlinktw.com.tw/techsupport/ProductInfo.aspx?m=DIR-600](https://www.dlinktw.com.tw/techsupport/ProductInfo.aspx?m=DIR-600) ## Affected version - Hardware version: B5 - Firmware version: 2.18 ![](https://hackmd.io/_uploads/rJgtgqZw2.png) Figure 1 shows the latest firmware of the router ## Vulnerability Details ![](https://hackmd.io/_uploads/SyFFg5ZDn.png) ![](https://hackmd.io/_uploads/Byxqgc-wh.png) The content obtained by the program through service parameters is passed to v30, and then v30 only has 512 bytes space. There is a stack-based overflow vulnerability. The vulnerability is in gena.cgi binary, the vulnerability that exists in the parsing of the HTTP request header with the query field comes as input. Since there is no proper validation process in the length of user-supplied data before copying it to a fixed-length stack-based buffer, an attacker can send more data to the local stack buffer and then parse it. This allows the attacker to perform a Pre-Authentication RCE.
Last changed by  
Hsin
170

Read more

D-link DIR-600 cmd injection vulnerability

Overview Vulnarable product: D-Link DIR-600 Manufacturer's website information: https://www.dlink.com/ Firmware download address: https://www.dlinktw.com.tw/techsupport/ProductInfo.aspx?m=DIR-600 Affected version Hardware version B5 Firmware version 2.18 Figure 1 shows the latest firmware of the router

6/10/2023
2022q1 Homework1 (lab0)

contributed by < naihsin > 實驗環境 $ gcc --version gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0 $ lscpu Architecture: x86_64 CPU op-mode(s): 32-bit, 64-bit Byte Order: Little Endian

2/21/2022
Proposal

1/18/2020
Read more from Hsin
Published on HackMD