D-Link DIR-3040 prog.cgi SetDeviceSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-41224
6.8MEDIUM
What is CVE-2023-41224?
A stack-based buffer overflow vulnerability exists within the D-Link DIR-3040 router, specifically in the prog.cgi binary that processes HNAP requests through the lighttpd webserver on TCP ports 80 and 443. This flaw arises from inadequate validation of user-supplied strings, which can lead to significant security implications. If exploited, this vulnerability enables a network-adjacent attacker to execute arbitrary code with root privileges on the affected device. Successful exploitation necessitates authentication, thereby limiting access to potential attackers. Proper measures must be taken to mitigate this risk to network integrity.
Affected Version(s)
DIR-3040 120B03