Vulnerability CVE-2019-10892


Published: 2019-09-06

Description:
hnap_main in /htdocs/cgibin on D-link DIR-806 v1.0 devices has a stack-based buffer overflow via a long HTTP header that has "SOAPAction: http://purenetworks.com/HNAP1/GetDeviceSettings/" at the beginning.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Dlink
Product: Dir-806 firmware 
Version: 1.0;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
https://github.com/Kirin-say/Vulnerabilities/blob/master/DIR-806_Stack_Overflow_to_Run_Shellcode.md

Related CVE
CVE-2019-16057
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.
CVE-2019-16190
SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php.
CVE-2019-10891
D-Link DIR-806 devices allow remote attackers to execute arbitrary shell commands via a trailing substring of an HTTP header that has "SOAPAction: http://purenetworks.com/HNAP1/GetDeviceSettings/" at the beginning.
CVE-2019-15530
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login.
CVE-2019-15529
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login.
CVE-2019-15528
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings.
CVE-2019-15527
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings.
CVE-2019-15526
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482.

Copyright 2019, cxsecurity.com

 

Back to Top