D-Link DIR-3040 prog.cgi SetDynamicDNSSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-41216
6.8MEDIUM
What is CVE-2023-41216?
A buffer overflow vulnerability exists in the D-Link DIR-3040 router, specifically within the prog.cgi binary responsible for processing HNAP requests on the lighttpd web server. This security flaw arises from inadequate validation of user-supplied input when copied to a fixed-length stack buffer, potentially allowing network-adjacent attackers to execute arbitrary code with root privileges on inadequately secured systems. Authentication is a prerequisite for the exploitation of this vulnerability, heightening the importance of securing device management interfaces.
Affected Version(s)
DIR-3040 120B03