Memory Corruption Vulnerability in D-Link DCS-1100 and DCS-1130 UPnP Handling

Memory Corruption Vulnerability in D-Link DCS-1100 and DCS-1130 UPnP Handling

CVE-2017-8414 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary orthrus in /sbin folder of the device handles all the UPnP connections received by the device. It seems that the binary performs a sprintf operation at address 0x0000A3E4 with the value in the command line parameter "-f" and stores it on the stack. Since there is no length check, this results in corrupting the registers for the function sub_A098 which results in memory corruption.

Learn more about our Web Application Penetration Testing UK.