CVE-2021-26709

Published on: 04/07/2021 12:00:00 AM UTC

Last Modified on: 04/08/2021 04:15:00 PM UTC

CVE-2021-26709

The following vulnerability was found:

** UNSUPPORTED WHEN ASSIGNED ** D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2021-26709 has been assigned by [email protected] to track the vulnerability

CVE References

Description	Tags ^ⓘ	Link
D-Link DSL-320B-D1 Pre-Authentication Buffer Overflow ≈ Packet Storm	packetstormsecurity.com text/html	MISC packetstormsecurity.com/files/162133/D-Link-DSL-320B-D1-Pre-Authentication-Buffer-Overflow.html
D-Link Technical Support	supportannouncement.us.dlink.com text/html	MISC supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10216
Full Disclosure: CVE-2021-26709 - Multiple Pre-Auth Stack Buffer Overflow in D-Link DSL-320B-D1 ADSL Modem	seclists.org text/html	FULLDISC 20210408 CVE-2021-26709 - Multiple Pre-Auth Stack Buffer Overflow in D-Link DSL-320B-D1 ADSL Modem
Security Bulletin \| D-Link	www.dlink.com text/html	MISC www.dlink.com/en/security-bulletin

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

There are currently no QIDs associated with this CVE

There are no known software configurations (CPEs) currently associated with this CVE

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@CVEreport	CVE-2021-26709 : D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows th… twitter.com/i/web/status/1…	2021-04-07 11:05:24
@SecurityNewsbot	D-Link DSL-320B-D1 Pre-Authentication Buffer #Overflow packetstormsecurity.com/files/162133/C… #PacketStorm	2021-04-08 14:45:10
/r/bag_o_news	CVE-2021-26709 - Multiple Pre-Auth Stack Buffer Overflow in D-Link DSL-320B-D1 ADSL Modem	2021-04-10 12:13:34