D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability
CVE-2023-32143
8.8HIGH
What is CVE-2023-32143?
An identified vulnerability within the D-Link DAP-1360 routers enables network-adjacent attackers to execute arbitrary code. The flaw lies in the handling of user-supplied data via the /cgi-bin/webupg endpoint. Inadequate validation allows an integer overflow, which can lead to buffer allocation issues. Exploiting this vulnerability does not require any form of authentication, making DAP-1360 installations particularly susceptible to attack. Once compromised, an attacker can execute code with root privileges, posing a significant risk to network security.
Affected Version(s)
DAP-1360 6.14B01 EU HOTFIX