CVE-2006-3687

D-Link DI-524, DI-604, DI-624, DI-784, WBR-1310, WBR-2310, EBR-2310 - Remote Code Execution via UPnP M-SEARCH Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3687. PoCs published by Barnaby Jack.

AI-analyzed exploit summary The provided text describes a buffer overflow vulnerability in D-Link routers, exploitable via a malformed M-SEARCH request sent to UDP port 1900. The lack of bounds checking allows remote code execution in the context of the affected device.

Description

Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Barnaby Jack · textdoshardware
https://www.exploit-db.com/exploits/28230

The provided text describes a buffer overflow vulnerability in D-Link routers, exploitable via a malformed M-SEARCH request sent to UDP port 1900. The lack of bounds checking allows remote code execution in the context of the affected device.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: D-Link wired and wireless routers (unspecified versions)
No auth needed
Prerequisites: Network access to UDP port 1900 on the target device
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11
Core References
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/440298/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/440852/100/100/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21081
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/27333
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2829
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/971705
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19006
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016511
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27755

Scores

EPSS 0.1913
EPSS Percentile 97.0%

Details

Status published
Products (7)
d-link/di-604_broadband_router
d-link/di-784
d-link/ebr-2310_ethernet_broadband_router
d-link/wbr-1310_wireless_g_router
d-link/wbr-2310_rangebooster_g_router
dlink/di-524
dlink/di-624
Published Jul 21, 2006
Tracked Since Feb 18, 2026