EUVD-2025-18394
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Description
A vulnerability, which was classified as critical, has been found in D-Link DIR-632 FW103B08. Affected by this issue is the function get_pure_content of the component HTTP POST Request Handler. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Analysis
Critical stack-based buffer overflow vulnerability in D-Link DIR-632 firmware version FW103B08, affecting the HTTP POST request handler's get_pure_content function. An unauthenticated remote attacker can exploit this via a malicious Content-Length header to achieve complete system compromise including arbitrary code execution, data theft, and denial of service. Public exploit code exists for this end-of-life product, creating immediate risk for any remaining deployed instances.
Technical Context
The vulnerability exists in the HTTP POST request handler component of D-Link DIR-632 routers running firmware FW103B08. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a stack-based buffer overflow. The vulnerable function get_pure_content improperly validates the Content-Length HTTP header parameter before using it to allocate or write to stack-allocated buffers. When an attacker supplies a Content-Length value larger than the buffer size, the HTTP handler writes beyond buffer boundaries, corrupting the stack and enabling control flow hijacking. D-Link DIR-632 is a consumer-grade SOHO router (CPE would be cpe:2.3:h:d-link:dir-632:-:*:*:*:*:*:*:* with firmware cpe:2.3:o:d-link:dir-632_firmware:fw103b08:*:*:*:*:*:*:*). This class of vulnerability is typical in embedded device firmware where memory safety is not enforced and input validation is minimal.
Affected Products
D-Link DIR-632 router running firmware version FW103B08 and possibly earlier/related firmware versions. The product is end-of-life and no longer receives vendor support or patches. CPE identifiers: cpe:2.3:h:d-link:dir-632:-:*:*:*:*:*:*:* (hardware) and cpe:2.3:o:d-link:dir-632_firmware:fw103b08:*:*:*:*:*:*:* (affected firmware). No specific vendor advisory or patch URL is provided in the available intelligence; D-Link has not issued patches due to EOL status. Affected configurations include default deployments and any network where this router model is still active.
Remediation
No patch is available from D-Link as the DIR-632 is end-of-life. Remediation options: (1) **Immediate replacement**: Retire DIR-632 units and replace with current-generation D-Link routers receiving active firmware support; (2) **Network isolation**: If replacement is not immediately possible, segment DIR-632 routers from critical network segments and restrict external access via firewall rules; (3) **Disable remote management**: Ensure WAN-side HTTP/HTTPS access to the router's web interface is disabled in firewall settings; (4) **Access controls**: Restrict access to the router's management interface to trusted internal networks only; (5) **Monitoring**: Deploy IDS/IPS signatures detecting abnormal Content-Length values in HTTP POST requests to routers. No firmware patches or vendor workarounds are available. Organizations should prioritize DIR-632 units for urgent replacement in their asset inventory.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today