D-Link DI-7001 MINI Buffer Overflow Vulnerability in /dbsrv.asp Allowing Denial-of-Service and Arbitrary Command Execution
Vulnerability
A critical buffer overflow vulnerability has been identified in the D-Link DI-7001 MINI gateway, specifically in the firmware version 24.04.18B1. The vulnerability arises from an unknown function in the file /dbsrv.asp, where manipulation of the argument str leads to a buffer overflow. This issue can be exploited remotely, causing a denial-of-service condition or allowing arbitrary command execution.
Impact
Exploitation of this vulnerability causes a buffer overflow, which can lead to a denial-of-service condition or arbitrary command execution on the affected device.
Reproduction
To reproduce this vulnerability, send a POST request to the /dbsrv.asp endpoint. The request must include a payload that manipulates the str parameter, overflowing the buffer by exceeding the expected length. This can be done using a series of repeated characters to exploit the buffer overflow vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.