CVE-2012-10021
D-Link DIR-605L Captcha Handling Buffer Overflow
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device.
| CWE | CWE-121 |
| Vendor | d-link |
| Product | dir-605l |
| Published | Jul 31, 2025 |
| Last Updated | Apr 7, 2026 |
Affected Versions
D-Link / DIR-605L
1.12 ≤ 1.13
References
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_dir605l_captcha_bof.rb
web.archive.org: https://web.archive.org/web/20121012062554/http://www.devttys0.com/2012/10/exploiting-a-mips-stack-overflow/
exploit-db.com: https://www.exploit-db.com/exploits/29127
forums.dlink.com: https://forums.dlink.com/index.php?topic=51923.0
vulncheck.com: https://www.vulncheck.com/advisories/dlink-dir605l-captcha-handling-stack-based-buffer-overflow
Credits
Craig Heffner