CVE-2023-45578

Name of the Vulnerable Software and Affected Versions D-Link DI-7003GV2.D1 versions 23.08.25D1 and earlier D-Link DI-7100G+V2.D1 versions 23.08.23D1 and earlier D-Link DI-7100GV2.D1 version 23.08.23D1 D-Link DI-7200G+V2.D1 versions 23.08.23D1 and earlier D-Link DI-7200GV2.E1 versions 23.08.23E1 and earlier D-Link DI-7300G+V2.D1 version 23.08.23D1 D-Link DI-7400G+V2.D1 versions 23.08.23D1 and earlier

Description The issue is related to a Buffer Overflow in the pppoe base.asp function, allowing a remote attacker to execute arbitrary code via the pap en/chap en parameter. This can enable the attacker to perform unauthorized actions.

Recommendations For D-Link DI-7003GV2.D1 versions 23.08.25D1 and earlier, update to a version later than 23.08.25D1. For D-Link DI-7100G+V2.D1 versions 23.08.23D1 and earlier, update to a version later than 23.08.23D1. For D-Link DI-7100GV2.D1 version 23.08.23D1, update to a version later than 23.08.23D1. For D-Link DI-7200G+V2.D1 versions 23.08.23D1 and earlier, update to a version later than 23.08.23D1. For D-Link DI-7200GV2.E1 versions 23.08.23E1 and earlier, update to a version later than 23.08.23E1. For D-Link DI-7300G+V2.D1 version 23.08.23D1, update to a version later than 23.08.23D1. For D-Link DI-7400G+V2.D1 versions 23.08.23D1 and earlier, update to a version later than 23.08.23D1. As a temporary workaround, consider disabling the pppoe base.asp function until a patch is available.