CVE-2020-29557

CVSS 9.8 CRITICAL · EPSS 54.3% · KEV · CWE-119
In short

A buffer overflow vulnerability in D-Link DIR-825 R1's web interface allows attackers to run malicious code on the router without needing to log in first. This is critical because anyone on the internet can potentially take control of your router.

Technical detail

A stack-based buffer overflow exists in the web interface of D-Link DIR-825 R1 (firmware ≤3.0.1) and is reachable before authentication. A remote attacker can overflow the buffer with a crafted HTTP request and achieve arbitrary code execution with router privileges. Affected versions lack proper input validation on web parameters.

Summary generated and translated by AI from the official description.
An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
