D-Link DAP-1325 SetHostIPv6Settings IPv6Mode Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-41206
8.8HIGH
What is CVE-2023-41206?
A stack-based buffer overflow vulnerability has been identified in the D-Link DAP-1325 routers, which can be exploited by network-adjacent attackers to execute arbitrary code. This flaw occurs in the handling of XML data sent to the HNAP1 SOAP endpoint, where the size of user-provided data is not properly validated before being copied to a fixed-length stack-based buffer. As a result, attackers can potentially run code with root privileges, compromising the integrity and security of the affected devices.
Affected Version(s)
DAP-1325 1.07b01