D-Link DCS-8300LHV2 ONVIF Duration Stack-Based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-51627
8 HIGH
Summary
The D-Link DCS-8300LHV2 IP camera is impacted by a stack-based buffer overflow vulnerability, allowing network-adjacent attackers to execute arbitrary code. The flaw originates from improper validation of the length of user-supplied data in Duration XML elements, which leads to the potential bypassing of authentication mechanisms. Successful exploitation of this vulnerability can enable attackers to execute code with root privileges, posing significant security risks for deployed devices.
CVSS V3.1
Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published