D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Username Stack-Based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-51626
8.8HIGH
What is CVE-2023-51626?
A stack-based buffer overflow vulnerability in D-Link's DCS-8300LHV2 IP cameras arises from inadequate validation of user-supplied data length in the Authorization header by the RTSP server. Attackers on the same network can exploit this flaw, allowing unauthorized execution of arbitrary code with root privileges. The issue presents a significant security risk as it does not require authentication, making it accessible to potential intruders. The RTSP server listens on TCP port 554, further facilitating the exploit for savvy attackers.