Intrusion Prevention

UPnP.M-SEARCH.Stack.Overflow

Description

It indicates a possible exploit of a buffer overflow vulnerability in D-Link Routers.
This flaw is due to a stack-based buffer overflow in the UPnP (Universal Plug and Play) service when handling an overly long "M-SEARCH" request.

Affected Products

D-Link DI-524
D-Link DI-604 Broadband Router
D-Link DI-624
D-Link DI-784
D-Link WBR-1310 Wireless G Router
D-Link WBR-2310 RangeBooster G Router
D-Link EBR-2310 Ethernet Broadband Router

Impact

The execution of arbitrary code on the system.

Recommended Actions

Apply patches :
http://support.dlink.com/downloads/

CVE References

CVE-2006-3687