D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS2 Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-41210
8.8HIGH
What is CVE-2023-41210?
A stack-based buffer overflow vulnerability exists in the D-Link DAP-1325 routers, specifically within the handling of XML data in the HNAP1 SOAP endpoint. The flaw arises from inadequate validation of the length of user-supplied data, allowing an attacker to overwrite a fixed-length buffer. This exploitation can lead to remote code execution, enabling attackers to execute arbitrary commands in the root context without requiring authentication. Users of affected D-Link DAP-1325 routers are strongly advised to review the provided patches and security advisories to mitigate any potential risks associated with this vulnerability.
Affected Version(s)
DAP-1325 1.07b01