ZDI-CAN-8458: D-Link DCS-960L HNAP SOAPAction Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the SOAPAction request header, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-Link DCS-960L |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-CAN-8458?
ZDI-CAN-8458 is considered a critical vulnerability due to its ability to allow remote code execution without authentication.
How do I fix ZDI-CAN-8458?
To mitigate ZDI-CAN-8458, update your D-Link DCS-960L device to the latest firmware version provided by D-Link.
Who is affected by ZDI-CAN-8458?
ZDI-CAN-8458 affects installations of the D-Link DCS-960L camera that have the HNAP service enabled.
Can ZDI-CAN-8458 be exploited remotely?
Yes, ZDI-CAN-8458 can be exploited remotely as it does not require authentication.
What kind of attacks can ZDI-CAN-8458 allow?
ZDI-CAN-8458 can allow remote attackers to execute arbitrary code on the affected D-Link devices.
- agent/references
- agent/softwarecombine
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-19-1031
- alias/ZDI-CAN-8458
- alias/CVE-2019-17146
- agent/software-canonical-lookup
- agent/title
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/tags
- agent/source
- vendor/d-link
- canonical/d-link dcs-960l