VYPR
Unrated severity · NVD Advisory · Published Apr 2, 2021 · Updated Aug 3, 2024

CVE-2021-30072

Description

An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An unauthenticated stack-based buffer overflow in prog.cgi on D-Link DIR-878 1.30B08 allows LAN-side attackers to crash the device.

Vulnerability

A stack-based buffer overflow vulnerability exists in the prog.cgi binary on D-Link DIR-878 routers running firmware version 1.30B08 and below. The issue is caused by misuse of the strcat function in the main function of prog.cgi, leading to a buffer overflow when processing a malicious request. No authentication is required to trigger the vulnerability. [1]

Exploitation

An attacker on the local network (LAN-side) can send a specially crafted request to the target device's prog.cgi endpoint. The request triggers the buffer overflow because the strcat call is made without proper bounds checking. No prior authentication or user interaction is needed. [1]

Impact

Successful exploitation causes the prog.cgi process to crash, resulting in device malfunction. The vulnerability is limited to a denial-of-service condition; the advisory does not indicate remote code execution or data exfiltration. [1]

Mitigation

D-Link has released a hotfix firmware, "v1.30B08 Hotfix for Buffer Overflow", to address this issue. Users are advised to update their DIR-878 routers (all Ax hardware revisions) to the fixed firmware. The hotfix is available from D-Link's support page. [1]

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • D-Link/DIR-878 (description)
  • Dlink/DIR878 (llm-fuzzy)
    Range: = 1.30B08

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context is available for this CVE. Mechanics are only generated when we can read the actual fix diff; without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

2
