Buffer Overflow Vulnerability in D-Link DI-7003GV2 and DI-7100G Series Devices
CVE-2023-45578

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Di-7003g Firmware
Vendor: CVE Published:; 16 October 2023

Summary

A buffer overflow vulnerability has been identified in various D-Link devices, including the DI-7003GV2 and DI-7100G series. This vulnerability arises when a remote attacker sends specially crafted input through the pap_en/chap_en parameter in the pppoe_base.asp function, allowing them to execute arbitrary code on the affected devices. Users are advised to update their firmware to the latest versions to mitigate potential exploits and secure their networks.

References

https://github.com/Archerber/bug_submit/blob/main/D-Link/...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2023
Vulnerability Reserved
Oct 9, 2023