CVE-2023-32141

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
8.8HIGH
EPSS
0.3%
top 43.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Dlink Dap-1360 FirmwareDlink Dap-2020 FirmwareD-link Dap-1360
Timeline
PublishedMay 3

Description

D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing the getpage and errorpage parameters, the process does not properly validate the length of user

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDdlink/dap-1360_firmware< 6.15eub01
CVEListV5d-link/dap-13606.14B01 EU HOTFIX
NVDdlink/dap-2020_firmware< 1.03rc004

Patches

Patch: supportannouncement.us.dlink.comPatch: supportannouncement.us.dlink.com

🔴Vulnerability Details

2
CVEList
D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability2024-05-03
GHSA
GHSA-jfm6-2h2m-p9x3: D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability2024-05-03
CVE-2023-32141 (HIGH CVSS 8.8) | D-Link DAP-1360 webproc WEB_Display | cvebase.io