CVE-2018-10996

The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable.
References
Link Resource
http://www.securityfocus.com/bid/104277 Third Party Advisory VDB Entry
https://github.com/kgsdy/D-Link-DIR-629/blob/master/D-Link-DIR-629-B1.md Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:d-link:dir-629-b_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dir-629-b:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-05-12 04:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-10996

Mitre link : CVE-2018-10996

CVE.ORG link : CVE-2018-10996


JSON object : View

Products Affected

d-link

  • dir-629-b_firmware
  • dir-629-b
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer