We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2012-10021

D-Link DIR-605L Captcha Handling Buffer Overflow



Description

A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device.

Reserved 2025-07-30 | Published 2025-07-31 | Updated 2025-07-31 | Assigner VulnCheck


CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-121 Stack-based Buffer Overflow

Product status

Default status
unknown

1.12
affected

Credits

Craig Heffner finder

References

raw.githubusercontent.com/...tp/dlink_dir605l_captcha_bof.rb exploit

web.archive.org/...2012/10/exploiting-a-mips-stack-overflow/ technical-description exploit

www.exploit-db.com/exploits/29127 exploit

forums.dlink.com/index.php?topic=51923.0

www.vulncheck.com/...ha-handling-stack-based-buffer-overflow third-party-advisory

cve.org (CVE-2012-10021)

nvd.nist.gov (CVE-2012-10021)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2012-10021

Support options

Helpdesk Chat, Email, Knowledgebase