{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87415?format=json","vulnerability_id":"VCID-qrvy-zjxu-gkhk","summary":"A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device.","aliases":[{"alias":"CVE-2012-10021"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-10021","reference_id":"","reference_type":"","scores":[{"value":"0.71246","scoring_system":"epss","scoring_elements":"0.98736","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-10021"},{"reference_url":"https://www.exploit-db.com/exploits/29127","reference_id":"29127","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-07-31T18:30:55Z/"}],"url":"https://www.exploit-db.com/exploits/29127"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_dir605l_captcha_bof.rb","reference_id":"dlink_dir605l_captcha_bof.rb","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-07-31T18:30:55Z/"}],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_dir605l_captcha_bof.rb"},{"reference_url":"https://www.vulncheck.com/advisories/dlink-dir605l-captcha-handling-stack-based-buffer-overflow","reference_id":"dlink-dir605l-captcha-handling-stack-based-buffer-overflow","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-07-31T18:30:55Z/"}],"url":"https://www.vulncheck.com/advisories/dlink-dir605l-captcha-handling-stack-based-buffer-overflow"},{"reference_url":"https://web.archive.org/web/20121012062554/http://www.devttys0.com/2012/10/exploiting-a-mips-stack-overflow/","reference_id":"exploiting-a-mips-stack-overflow","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-07-31T18:30:55Z/"}],"url":"https://web.archive.org/web/20121012062554/http://www.devttys0.com/2012/10/exploiting-a-mips-stack-overflow/"},{"reference_url":"https://forums.dlink.com/index.php?topic=51923.0","reference_id":"index.php?topic=51923.0","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-07-31T18:30:55Z/"}],"url":"https://forums.dlink.com/index.php?topic=51923.0"}],"weaknesses":[{"cwe_id":121,"name":"Stack-based Buffer Overflow","description":"A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function)."}],"exploits":[{"date_added":null,"description":"This module exploits an anonymous remote code execution vulnerability on D-Link DIR-605L routers. The\n          vulnerability exists while handling user supplied captcha information, and is due to the\n          insecure usage of sprintf on the getAuthCode() function. This module has been tested\n          successfully on D-Link DIR-605L firmware 1.13 (emulated) and firmware 1.12 (real).","required_action":null,"due_date":null,"notes":"Reliability:\n  - unknown-reliability\nStability:\n  - unknown-stability\nSideEffects:\n  - unknown-side-effects\n","known_ransomware_campaign_use":false,"source_date_published":"2012-10-08","exploit_type":null,"platform":"Linux","source_date_updated":null,"data_source":"Metasploit","source_url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/http/dlink_dir605l_captcha_bof.rb"}],"severity_range_score":"9.3 - 9.3","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qrvy-zjxu-gkhk"}