CVE-2023-32146Stack-based Buffer Overflow in Dlink Dap-1360 Firmware

CWE-121Stack-based Buffer Overflow3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.3%
top 44.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Dlink Dap-1360 FirmwareDlink Dap-2020 FirmwareD-link Dap-1360
Timeline
PublishedMay 3

Description

D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /cgi-bin/webproc endpoint. When parsing the errorpage and nextpage parameters, the process does not properly validate the length of user-supplied data prior to copying

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDdlink/dap-1360_firmware< 6.15eub01
CVEListV5d-link/dap-13606.14B01 EU HOTFIX
NVDdlink/dap-2020_firmware< 1.03rc004

Patches

Patch: supportannouncement.us.dlink.comPatch: supportannouncement.us.dlink.com

🔴Vulnerability Details

2
CVEList
D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability2024-05-03
GHSA
GHSA-ww8m-4272-59w5: D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability2024-05-03
CVE-2023-32146 — Stack-based Buffer Overflow in Dlink | cvebase