{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2012-10021", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-07-30T17:20:30.437Z", "datePublished": "2025-07-31T14:54:19.755Z", "dateUpdated": "2025-11-20T21:28:06.069Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "modules": ["/goform/formLogin"], "product": "DIR-605L", "vendor": "D-Link", "versions": [{"lessThanOrEqual": "1.13", "status": "affected", "version": "1.12", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.13", "versionStartIncluding": "1.12", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "Craig Heffner"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the <code>getAuthCode()</code> function. The flaw arises from unsafe usage of <code>sprintf()</code> when processing user-supplied CAPTCHA data via the <code>FILECODE</code> parameter in <code>/goform/formLogin</code>. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device."}], "value": "A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device."}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-11-20T21:28:06.069Z"}, "references": [{"tags": ["exploit"], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_dir605l_captcha_bof.rb"}, {"tags": ["technical-description", "exploit"], "url": "https://web.archive.org/web/20121012062554/http://www.devttys0.com/2012/10/exploiting-a-mips-stack-overflow/"}, {"tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/29127"}, {"url": "https://forums.dlink.com/index.php?topic=51923.0"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/dlink-dir605l-captcha-handling-stack-based-buffer-overflow"}], "source": {"discovery": "UNKNOWN"}, "title": "D-Link DIR-605L Captcha Handling Buffer Overflow", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-31T18:30:55.263379Z", "id": "CVE-2012-10021", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-31T18:31:32.054Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2012-10021", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-31T18:30:55.263379Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-31T18:31:05.553Z"}}], "cna": {"title": "D-Link DIR-605L Captcha Handling Buffer Overflow", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Craig Heffner"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "D-Link", "modules": ["/goform/formLogin"], "product": "DIR-605L", "versions": [{"status": "affected", "version": "1.12", "versionType": "semver", "lessThanOrEqual": "1.13"}], "defaultStatus": "unknown"}], "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_dir605l_captcha_bof.rb", "tags": ["exploit"]}, {"url": "https://web.archive.org/web/20121012062554/http://www.devttys0.com/2012/10/exploiting-a-mips-stack-overflow/", "tags": ["technical-description", "exploit"]}, {"url": "https://www.exploit-db.com/exploits/29127", "tags": ["exploit"]}, {"url": "https://forums.dlink.com/index.php?topic=51923.0"}, {"url": "https://www.vulncheck.com/advisories/dlink-dir605l-captcha-handling-stack-based-buffer-overflow", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device.", "supportingMedia": [{"type": "text/html", "value": "A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the <code>getAuthCode()</code> function. The flaw arises from unsafe usage of <code>sprintf()</code> when processing user-supplied CAPTCHA data via the <code>FILECODE</code> parameter in <code>/goform/formLogin</code>. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "1.13", "versionStartIncluding": "1.12"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-11-20T21:28:06.069Z"}}}, "cveMetadata": {"cveId": "CVE-2012-10021", "state": "PUBLISHED", "dateUpdated": "2025-11-20T21:28:06.069Z", "dateReserved": "2025-07-30T17:20:30.437Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-07-31T14:54:19.755Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DEC5108-2DAB-4F09-A0A1-917FD604235B", "versionEndIncluding": "1.13", "versionStartIncluding": "1.12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-605l:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD4E3AA2-EC1C-4219-8E13-B52D30A7FA06", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la pila en las versiones de firmware 1.12 y 1.13 del D-Link DIR-605L Wireless N300 Cloud Router mediante la funci\u00f3n getAuthCode(). La falla se debe al uso inseguro de sprintf() al procesar datos CAPTCHA proporcionados por el usuario mediante el par\u00e1metro FILECODE en /goform/formLogin. Un atacante remoto no autenticado puede explotar esto para ejecutar c\u00f3digo arbitrario con privilegios de root en el dispositivo."}], "id": "CVE-2012-10021", "lastModified": "2025-09-23T17:45:55.843", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-07-31T15:15:32.597", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Issue Tracking"], "url": "https://forums.dlink.com/index.php?topic=51923.0"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit"], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_dir605l_captcha_bof.rb"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://web.archive.org/web/20121012062554/http://www.devttys0.com/2012/10/exploiting-a-mips-stack-overflow/"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit"], "url": "https://www.exploit-db.com/exploits/29127"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/dlink-dir605l-captcha-handling-stack-based-buffer-overflow"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"created": "2025-07-31T19:36:24.218428+00:00", "updated": "2025-07-31T19:36:24.218505+00:00", "vendors": ["d-link", "d-link$PRODUCT$dir-605l"]}