We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device.
Reserved 2025-07-30 | Published 2025-07-31 | Updated 2025-07-31 | Assigner VulnCheckCWE-121 Stack-based Buffer Overflow
Craig Heffner
raw.githubusercontent.com/...tp/dlink_dir605l_captcha_bof.rb
web.archive.org/...2012/10/exploiting-a-mips-stack-overflow/
www.exploit-db.com/exploits/29127
forums.dlink.com/index.php?topic=51923.0
www.vulncheck.com/...ha-handling-stack-based-buffer-overflow
Support options