DIR_878 1.30B08 Unauthorized stack overflow vulnerability
1. Affected version:
DIR_878-1.30B08
2. Firmware download address
https://support.dlink.com/resource/PRODUCTS/DIR-878/REVA/DIR-878_REVA_FIRMWARE_v1.30B08.zip
3. Vulnerability details
The function "sub_48d630" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data.
sub_48D348:
4. Recurring vulnerabilities and POC
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.
5. Author
Truth @KRlab

