A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 23 Sep 2025 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dir-605l
Dlink dir-605l Firmware
CPEs cpe:2.3:h:dlink:dir-605l:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dir-605l
Dlink dir-605l Firmware
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Thu, 31 Jul 2025 19:45:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dir-605l
Vendors & Products D-link
D-link dir-605l

Thu, 31 Jul 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 31 Jul 2025 15:00:00 +0000

Type Values Removed Values Added
Description A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device.
Title D-Link DIR-605L Captcha Handling Buffer Overflow
Weaknesses CWE-121
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2025-07-31T18:31:32.054Z

Reserved: 2025-07-30T17:20:30.437Z

Link: CVE-2012-10021

cve-icon Vulnrichment

Updated: 2025-07-31T18:31:05.553Z

cve-icon NVD

Status : Analyzed

Published: 2025-07-31T15:15:32.597

Modified: 2025-09-23T17:45:55.843

Link: CVE-2012-10021

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-31T19:36:24Z