Multiple D-Link routers fail to properly process UPnP M-SEARCH requests

2006-08-03T00:00:00
ID VU:971705
Type cert
Reporter CERT
Modified 2007-01-23T00:00:00

Description

Overview

A buffer overflow vulnerability in the software that operates certain models of D-Link routers could allow a remote attacker to execute arbitrary code on the affected device.

Description

UPnP

Universal Plug and Play (UPnP) is a system that allows network devices to operate together.

M-SEARCH
When a device adds itself to a UPnP network, it may send a broadcast request to get information about other UPnP devices already on the network. This broadcast message is called an M-SEARCH directive.

The problem
Sending an oversized M-SEARCH request to an affected D-Link router's LAN or WLAN interface may result in a buffer overflow. The following router models are reported to be affected:

  • DI-524 Rev A, C, D
  • DI-604 Rev E
  • DI-624 Rev C, D
  • DI-784 Rev A
  • EBR-2310 Rev A
  • WBR-1310 Rev A

Impact

An unauthenticated attacker may be able to execute arbitrary code or cause the router to reboot.


Solution