CVE-2012-10021
Published: 31 July 2025
Summary
CVE-2012-10021 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Dlink Dir-605L Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 1.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the CVE by requiring timely remediation of the buffer overflow flaw in the firmware via patches or updates.
Requires validation of the user-supplied FILECODE parameter in the /goform/formLogin endpoint to prevent stack buffer overflows from oversized CAPTCHA data.
Implements memory protections such as stack canaries, ASLR, and non-executable memory to block exploitation of the stack-based buffer overflow for arbitrary code execution.
NVD Description
A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in…
more
/goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device.
Deeper analysisAI
CVE-2012-10021 is a stack-based buffer overflow vulnerability (CWE-121) in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13. The issue stems from unsafe usage of sprintf() in the getAuthCode() function when processing user-supplied CAPTCHA data supplied via the FILECODE parameter in the /goform/formLogin endpoint.
A remote unauthenticated attacker can exploit this vulnerability over the network with low complexity, no privileges, and no user interaction required. Successful exploitation enables arbitrary code execution with root privileges on the device, as reflected in its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Advisories and references, including a D-Link forum thread, a Metasploit Framework exploit module for the D-Link DIR-605L CAPTCHA buffer overflow, an archived 2012 blog post on MIPS stack overflow exploitation, an Exploit-DB entry, and a Vulncheck advisory on CAPTCHA handling, document the flaw and provide exploit code, indicating public availability since at least 2012.
Exploitation details have been publicly available for over a decade via these resources, underscoring risks to unpatched legacy devices.
Details
- CWE(s)