The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/104277 | Third Party Advisory VDB Entry |
https://github.com/kgsdy/D-Link-DIR-629/blob/master/D-Link-DIR-629-B1.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2018-05-12 04:29
Updated : 2024-02-04 19:46
NVD link : CVE-2018-10996
Mitre link : CVE-2018-10996
CVE.ORG link : CVE-2018-10996
JSON object : View
Products Affected
d-link
- dir-629-b_firmware
- dir-629-b
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer