CVE-2023-51627

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
8.0HIGH
EPSS
1.2%
top 20.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dlink Dcs-8300lhv2 FirmwareD-link Dcs-8300lhv2
Timeline
PublishedMay 3

Description

D-Link DCS-8300LHV2 ONVIF Duration Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the parsing of Duration XML elements. The issue results from the lack of proper validation of the length

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages2 packages

CVEListV5d-link/dcs-8300lhv21.06.01

🔴Vulnerability Details

2
GHSA
GHSA-542w-wwr4-wgph: D-Link DCS-8300LHV2 ONVIF Duration Stack-Based Buffer Overflow Remote Code Execution Vulnerability2024-05-03
CVEList
D-Link DCS-8300LHV2 ONVIF Duration Stack-Based Buffer Overflow Remote Code Execution Vulnerability2024-05-03
CVE-2023-51627 (HIGH CVSS 8) | D-Link DCS-8300LHV2 ONVIF Duration | cvebase.io