CVE-2021-34829 — Classic Buffer Overflow in D-link Dap-1330

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

8.8HIGHNVD

EPSS

1.3%

top 20.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-link Dap-1330 Dlink Dap-1330 Firmware

Timeline

PublishedJul 15

Latest updateMay 24

Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAP_AUTH HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the …

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5d-link/dap-13301.13B01 BETA

▶NVDdlink/dap-1330_firmware1.13b01

🔴Vulnerability Details

GHSA

GHSA-jxg4-v6fp-mf72: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1↗2022-05-24

▶

CVEList

CVE-2021-34829: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1↗2021-07-15

▶