Stack Overflow Vulnerability in D-Link DIR820LA1 Firmware
CVE-2023-25281

7.5HIGH

Key Information:

Vendor: D-Link
Status: Dir820la1 Firmware
Vendor: CVE Published:; 16 March 2023

What is CVE-2023-25281?

A stack overflow vulnerability in the pingV4Msg component of the D-Link DIR820LA1 firmware can be exploited by attackers to induce a denial of service. By manipulating the nextPage parameter within the ping.ccp file, malicious actors could overwhelm the device, disrupting its normal operations and rendering it unresponsive. Users are advised to apply the necessary updates to mitigate possible threats.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/migraine-sudo/D_Link_Vuln/tree/main/st...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2023
Vulnerability Reserved
Feb 6, 2023