CVE-2017-8414

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary orthrus in /sbin folder of the device handles all the UPnP connections received by the device. It seems that the binary performs a sprintf operation at address 0x0000A3E4 with the value in the command line parameter "-f" and stores it on the stack. Since there is no length check, this results in corrupting the registers for the function sub_A098 which results in memory corruption.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dcs-1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dcs-1100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dlink:dcs-1130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dcs-1130:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-07-02 20:15

Updated : 2024-02-04 20:20


NVD link : CVE-2017-8414

Mitre link : CVE-2017-8414

CVE.ORG link : CVE-2017-8414


JSON object : View

Products Affected

dlink

  • dcs-1100
  • dcs-1100_firmware
  • dcs-1130_firmware
  • dcs-1130
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer