CVE-2018-20305
CVE-2018-20305 affects D-Link DIR-816 A2 with firmware 1.10 B05. The /goform/form2userconfig.cgi handler accepts a long password in the newpass parameter, causing a stack-based buffer overflow that can overwrite a return address and allows arbitrary remote code execution without authentication. N...