A buffer overflow vulnerability in the software that operates certain models of D-Link routers could allow a remote attacker to execute arbitrary code on the affected device.
Universal Plug and Play (UPnP) is a system that allows network devices to operate together.
When a device adds itself to a UPnP network, it may send a broadcast request to get information about other UPnP devices already on the network. This broadcast message is called an M-SEARCH directive.
Sending an oversized M-SEARCH request to an affected D-Link router's LAN or WLAN interface may result in a buffer overflow. The following router models are reported to be affected:
* DI-524 Rev A, C, D * DI-604 Rev E * DI-624 Rev C, D * DI-784 Rev A * EBR-2310 Rev A * WBR-1310 Rev A
An unauthenticated attacker may be able to execute arbitrary code or cause the router to reboot.