CVE-2006-3687
D-Link DI-524, DI-604, DI-624, DI-784, WBR-1310, WBR-2310, EBR-2310 - Remote Code Execution via UPnP M-SEARCH Request
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-3687. PoCs published by Barnaby Jack.
AI-analyzed exploit summary The provided text describes a buffer overflow vulnerability in D-Link routers, exploitable via a malformed M-SEARCH request sent to UDP port 1900. The lack of bounds checking allows remote code execution in the context of the affected device.
Description
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900.
Exploits (1)
The provided text describes a buffer overflow vulnerability in D-Link routers, exploitable via a malformed M-SEARCH request sent to UDP port 1900. The lack of bounds checking allows remote code execution in the context of the affected device.