D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. When parsing the var:menu parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18414.
2024-05-03T02:15:16.860
2025-05-16T19:08:43.250
Analyzed
CVSSv3.1: 8.8 (HIGH)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Operating System | dlink | dap-1360_firmware | < 6.15eub01 | Yes |
Hardware | dlink | dap-1360 | f1 | No |
Operating System | dlink | dap-2020_firmware | < 1.03rc004 | Yes |
Hardware | dlink | dap-2020 | a2 | No |