D-Link DIR-3040 prog.cgi SetWLanRadioSecurity Stack-Based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-41221
6.8MEDIUM
What is CVE-2023-41221?
A vulnerability exists in D-Link DIR-3040 routers due to a stack-based buffer overflow within the prog.cgi binary, which processes HNAP requests on the lighttpd webserver. This flaw allows authenticated network-adjacent attackers to execute arbitrary code with root privileges by sending specially crafted input. The lack of robust validation of user-supplied strings when copying to a fixed-size buffer is the root cause, posing significant security risks to affected installations.
Affected Version(s)
DIR-3040 120B03