Stack Overflow Vulnerability in D-Link N300 WI-FI Router
CVE-2023-24343

8.8HIGH

Key Information:

Vendor: D-Link
Status: Dir-605l Firmware
Vendor: CVE Published:; 10 February 2023

What is CVE-2023-24343?

The D-Link N300 WI-FI Router DIR-605L, specifically version v2.13B01, is affected by a stack overflow vulnerability. This flaw is triggered through the passing of the curTime parameter at the /goform/formSchedule endpoint. Successful exploitation of this vulnerability could allow attackers to execute arbitrary code, potentially compromising the router's security and the network it serves. Users are encouraged to apply any available patches or updates to mitigate the risk.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/1160300418/Vuls/tree/main/D-Link/DIR-6...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2023
Vulnerability Reserved
Jan 23, 2023

JSON