CVE-2012-10021
high-risk
Published 2025-07-31
A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device.
Do I need to act?
!
55.3% chance of exploitation in next 30 days
EPSS score — higher than 45% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (5)
Issue Tracking
https://forums.dlink.com/index.php?topic=51923.0
Third Party Advisory
https://www.vulncheck.com/advisories/dlink-dir605l-captcha-handling-stack-based-...
55
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
18/34 · Moderate
Exposure
5/34 · Minimal