Arbitrary Code Execution Vulnerability in D-Link DIR-3040 Routers
CVE-2022-43648
8.8HIGH
What is CVE-2022-43648?
A vulnerability in D-Link DIR-3040 routers enables attackers on the same network to execute arbitrary code without authentication. This issue stems from inadequate validation of user-supplied data length within the MiniDLNA service. By exploiting this flaw, an attacker can manipulate the heap-based buffer, potentially compromising the integrity of the router's functionality and allowing further malicious actions.
Affected Version(s)
DIR-3040 1.20B03