Primary

Context

D-Link DWR-M961 Stack-Based Buffer Overflow Vulnerability in Authorization Interface

Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in the D-Link DWR-M961 router, specifically in version 1.1.36. The issue arises within the Authorization Interface, in the file '/boafrm/formStaticDHCP'. The vulnerability is triggered by manipulating the 'Hostname' argument, leading to a stack-based buffer overflow that can be exploited remotely.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can potentially be used to execute arbitrary code or disrupt the device's normal functioning.

Reproduction

To reproduce this vulnerability, send a crafted request to the '/boafrm/formStaticDHCP' endpoint, including a 'Hostname' argument that exceeds the expected length. This will trigger the stack-based buffer overflow condition.

Remediation

Upgrade the router's firmware to version 1.1.49 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.6

remediation

7.7

relevance

0.0

threat

6.5

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.6

remediation

7.7

relevance

0.0

threat

6.5

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

D-Link DWR-M961 Stack-Based Buffer Overflow Vulnerability in Authorization Interface

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating