D-Link DIR-2640 prog.cgi Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability
Description
D-Link DIR-2640 prog.cgi Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the web management interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19546.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unverified stack buffer overflow in D-Link DIR-2640 prog.cgi allows network-adjacent unauthenticated attackers to achieve root-level RCE on firmware versions 1.11B02 and earlier.
Vulnerability
The vulnerability resides in the prog.cgi binary of the D-Link DIR-2640 router web management interface, which listens on TCP port 80 by default. A stack-based buffer overflow occurs because the program copies user-supplied data into a fixed-size stack buffer without proper length validation. Affected firmware versions are v1.11B02, v1.11B02 Beta01, and all earlier releases for hardware revision Ax [1][2].
Exploitation
An attacker must be network-adjacent (i.e., on the same local network segment) to reach the web interface. No authentication is required. The attacker sends a crafted HTTP request to the prog.cgi endpoint containing data that exceeds the allocated buffer length, triggering the overflow and allowing overwrite of the return address or other critical stack data [2].
Impact
Successful exploitation grants arbitrary code execution in the context of the root user. This provides full administrative control over the router, enabling the attacker to intercept, modify, or redirect network traffic, install persistent malware, or use the device as a pivot for further attacks [2].
Mitigation
D-Link has released firmware version v1.11B02_Beta_Hotf… (exact hotfix name not fully disclosed) as a fix for this vulnerability [1]. Users are advised to update to the latest firmware available from the D-Link support website. If the device is no longer supported or an update cannot be applied, consider replacing the router or isolating it from untrusted network segments. There is no indication that this CVE is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- supportannouncement.us.dlink.com/announcement/publication.aspxmitrevendor-advisory
- www.zerodayinitiative.com/advisories/ZDI-23-541/mitrex_research-advisory
News mentions
0No linked articles in our index yet.