Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-27718: DIR_878-1.30B08/1.md at main · HolyTruth/DIR_878-1.30B08

D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_498308 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

CVE
Open in Source
#vulnerability#dos#rce#buffer_overflow#auth

DIR_878 1.30B08 Unauthorized stack overflow vulnerability

****1. Affected version:****

DIR_878-1.30B08

****2. Firmware download address****

http://www.dlink.com.cn/

****3. Vulnerability details****

The function “sub_498308” contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data.

****4. Recurring vulnerabilities and POC****

Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.

5. Author

Truth @KRlab

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE