Multiple D-Link Routers UPNP Buffer Overflow Vulnerability

ID EDB-ID:28230
Type exploitdb
Reporter Barnaby Jack
Modified 2006-07-17T00:00:00


Multiple D-Link Routers UPNP Buffer Overflow Vulnerability. CVE-2006-3687. Dos exploit for hardware platform


D-Link wired and wireless routers are prone to a buffer-overflow vulnerability because these devices fail to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successful exploits can allow remote attackers to execute arbitrary machine code in the context of the affected device.

Attackers can exploit this issue by sending a request of the form:

M-SEARCH <800 byte string> HTTP/1.0

to UDP port 1900.