VYPR
Unrated severity · NVD Advisory · Published Jul 31, 2025 · Updated Apr 7, 2026

D-Link DIR-605L Captcha Handling Buffer Overflow

CVE-2012-10021

Description

A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device.

Affected products

2
  • Dlink/Dir 605l (llm-fuzzy)
    Range: firmware versions 1.12 and 1.13
  • D-Link/DIR-605L (v5)
    Range: 1.12

Patches

0

No patches discovered yet.
