D-Link DSP-W215
cpe:2.3:h:d-link:dsp-w215:*:*:*:*:*:*:*
- 1.02b05
A stack-based buffer overflow vulnerability has been identified in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02. This vulnerability can be exploited by sending a specially crafted HTTP POST request to the /common/info.cgi endpoint. The flaw allows an unauthenticated attacker to execute arbitrary code with system-level privileges on the affected device.
Exploitation of this vulnerability leads to unauthorized remote code execution with system privileges on the affected device.
The vulnerability can be reproduced by sending a POST request to the /common/info.cgi endpoint with a crafted 'storage_path' parameter. The payload must be designed to overflow the stack and overwrite the return address, redirecting execution to a system() call. This can be automated with a Metasploit module that handles the exploitation process.
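A detection-side check for the request shape described above, as an added example that is not part of the original advisory or of any vendor code: it flags POSTs to /common/info.cgi whose storage_path value is oversized or carries non-printable bytes. The form-encoded body, the 256-byte limit, the function name and the sample requests are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

TARGET_PATH = "/common/info.cgi"   # endpoint named in the advisory
TARGET_PARAM = "storage_path"      # parameter named in the advisory
# Assumption: the advisory gives no buffer size, so this limit is a tunable
# "longer than any legitimate path" threshold, not the real overflow length.
MAX_STORAGE_PATH_LEN = 256

# Constructed sample requests (not captured traffic).
BENIGN = (b"POST /common/info.cgi HTTP/1.1\r\nHost: plug.example\r\n\r\n"
          b"storage_path=/var/tmp")
OVERSIZED = (b"POST /common/info.cgi HTTP/1.1\r\nHost: plug.example\r\n\r\n"
             b"storage_path=" + b"A" * 600 + b"%a0%01")
OTHER = b"POST /common/other.cgi HTTP/1.1\r\n\r\nstorage_path=" + b"A" * 600


def inspect_request(raw: bytes) -> list:
    """Return the reasons a raw HTTP request looks like an overflow attempt."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n")[0].split()
    if len(parts) < 2:
        return []                      # not a parseable request line
    method = parts[0].decode("latin-1").upper()
    path = urlsplit(parts[1].decode("latin-1")).path
    if method != "POST" or path != TARGET_PATH:
        return []
    findings = []
    # latin-1 maps every byte to one character, so percent-decoded binary
    # data stays visible and len(value) equals the decoded byte count.
    fields = parse_qsl(body.decode("latin-1"), keep_blank_values=True,
                       encoding="latin-1")
    for name, value in fields:
        if name != TARGET_PARAM:
            continue
        if len(value) > MAX_STORAGE_PATH_LEN:
            findings.append(f"{TARGET_PARAM} is {len(value)} bytes "
                            f"(limit {MAX_STORAGE_PATH_LEN})")
        if any(ord(c) < 0x20 or ord(c) > 0x7E for c in value):
            findings.append(f"{TARGET_PARAM} contains non-printable bytes")
    return findings


if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("oversized", OVERSIZED),
                       ("other endpoint", OTHER)):
        print(label, "->", inspect_request(req) or "no findings")
```

The same two conditions translate directly into a proxy or IDS rule placed in front of the device; tune the length limit against the longest storage path seen in legitimate traffic.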