The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Denial Of Service
RCE
Buffer Overflow
D-Link
Dir 629 B Firmware
NVD
GitHub
CVSS 3.0
9.8
EPSS
5.4%