Primary

Context

D-Link DCS-932L Stack-Based Buffer Overflow Vulnerability

Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in the D-Link DCS-932L camera, specifically in version 2.18.01. The issue arises in the function sub_404780 within the file /bin/gpio, where the argument CameraName can be manipulated to cause the overflow. This vulnerability is remote-exploitable and affects a product that is no longer supported by the manufacturer.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, which can commonly result in arbitrary code execution or causing a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a crafted request that manipulates the CameraName parameter, exploiting the buffer overflow in the sub_404780 function of the /bin/gpio file.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

D-Link DCS-932L Stack-Based Buffer Overflow Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

D-Link DCS-932L

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating