Stack Overflow Vulnerability in D-Link Router DI-7200GV2
CVE-2023-43201

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Di-7200g Firmware
Vendor: CVE Published:; 20 September 2023

Summary

The D-Link router model DI-7200GV2, specifically version v21.04.09E1, has been found to contain a stack overflow vulnerability. This issue arises from improper handling of the 'hi_up' parameter within the 'qos_ext.asp' function, potentially allowing attackers to exploit this weakness to execute arbitrary code or disrupt device functionality. Users of the affected product are strongly advised to implement available patches and monitor network traffic for any unusual activity.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/Archerber/bug_submit/blob/main/D-Link/...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 20, 2023
Vulnerability Reserved
Sep 18, 2023