CyberSec.Space Logo
Back to CVE Browser

CVE-2012-10021

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1380%
EPSS Percentile17.38th
PublishedJul 31, 2025
Last ModifiedSep 23, 2025

Vulnerability Description

A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device.

Affected Platforms (CPE)

πŸ’»
Dlink

Dir 605l Firmware

>= 1.12 and <= 1.13

References & Advisories

πŸ”— https://forums.dlink.com/index.php?topic=51923.0
πŸ”— https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_dir605l_captcha_bof.rb
πŸ”— https://web.archive.org/web/20121012062554/http://www.devttys0.com/2012/10/exploiting-a-mips-stack-overflow/
πŸ”— https://www.exploit-db.com/exploits/29127
πŸ”— https://www.vulncheck.com/advisories/dlink-dir605l-captcha-handling-stack-based-buffer-overflow

Related Vulnerabilities

CVE-2020-193188.8

Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, firmware version 1.17beta and below, allows authorized atta...

CVE-2017-96757.5

On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot.

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...