D-Link DIR-400 Router Buffer Overflow Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1022826
|
|
SecurityTracker URL: http://securitytracker.com/id?1022826
|
|
CVE Reference: CVE-2009-3347
(Links to External Site)
|
Updated: Sep 28 2009
|
Original Entry Date: Sep 4 2009
|
Impact: Execution of arbitrary code via network, User access via network
|
Exploit Included: Yes
|
Version(s): DIR-400
|
Description: A vulnerability was reported in the D-Link DIR-400 Router. A remote user can execute arbitrary code on the target system.
A remote user can send specially crafted data to trigger a buffer overflow and execute arbitrary code on the target system. The
code will run with the privileges of the target service.
This vulnerability was reported in the VulnDisco version 8.10 release
[July 13, 2009].
|
Impact: A remote user can execute arbitrary code on the target system.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.dlink.com/ (Links to External Site)
|
Cause: Boundary error
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 4 Sep 2009 10:13:55 -0400
Subject: D-Link Router
|
Name: D-Link DIR-400 exploit
Status: 0day
Details: Remote buffer overflow exploit for D-Link DIR-400 wireless router.
Listener: not necessary, portbind shellcode is used
Platform: Linux mipsbe
Vulndisco: 8.10
|
|
