Stack Overflow Vulnerability in D-Link DI-7200GV2 Device
CVE-2023-43197

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Di-7200g Firmware
Vendor: CVE Published:; 20 September 2023

What is CVE-2023-43197?

The D-Link DI-7200GV2 device has a vulnerability that allows a stack overflow through the fn parameter in the tgfile.asp function. This security flaw could potentially allow attackers to execute arbitrary code or gain unauthorized access to sensitive data, compromising the integrity and availability of the device and the network it serves.

References

https://github.com/Archerber/bug_submit/blob/main/D-Link/...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 20, 2023
Vulnerability Reserved
Sep 18, 2023