SB2016081203 - Remote buffer overflow in D-Link routers

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2016-5681)

The vulnerability allows a remote attacker to execute arbitrary code on the target device.

The vulnerability exists due to a boundary error in cgibin binary, intended to handle session cookie. This binary is called from different parts of D-Link web interface, including the service, exposed through the WAN network interface on port 8181/TCP. A remote attacker can send a specially crafted "uid" cookie via the HTTP POST request to "/dws/api/Login" login page, cause buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may allow an attacker to obtain full access to vulnerable device and use it to gain access to local network.

Remediation

Install update from vendor's website.

References

• http://www.kb.cert.org/vuls/id/332115
• http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063