CVE-2021-43722

D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
dlinkdir-645_firmware
1.03
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/luqiut/iot/blob/main/DIR-645%20Stack%20overflow.md
https://www.dlink.com/en/security-bulletin/
https://github.com/luqiut/iot/blob/main/DIR-645%20Stack%20overflow.md
https://www.dlink.com/en/security-bulletin/