D-Link DIR-2640 PrefixLen Command Injection Remote Code Execution Vulnerability
CVE-2023-32150
6.8MEDIUM
What is CVE-2023-32150?
A vulnerability exists in the D-Link DIR-2640 routers that allows network-adjacent attackers to execute arbitrary code. This situation arises from improper validation of the PrefixLen parameter in the HNAP1 endpoint, which is susceptible to command injection. Although authentication is required for exploitation, it can be bypassed, enabling an attacker to run commands with root privileges. Proactive measures should be taken to mitigate potential threats related to this flaw.
Affected Version(s)
DIR-2640 1.11B02 (non-US, CA version)