D-Link DHP-1320 Stack-Based Buffer Overflow Vulnerability in SOAP Handler
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the D-Link DHP-1320 router, specifically in the 1.00WWB04 firmware version. This vulnerability arises in the SOAP Handler component, within the function 'redirect_count_down_page'. The issue is caused by unbounded string manipulation, where external input is concatenated into a fixed-length stack buffer without proper length validation. This vulnerability can be exploited remotely, leading to memory corruption and potential execution of arbitrary code.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, corrupting the stack memory and including the function's return address, which can lead to arbitrary code execution.
Reproduction
The vulnerability can be reproduced by sending a crafted SOAP HTTP request to the router's 'httpd' service. The request must include a valid 'SOAPACTION: HNAP1' header, a negative 'Content-Length' value, and an oversized payload that exceeds the buffer limit. This triggers the stack overflow by overwriting the return address, causing a crash of the 'httpd' process.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.