PT-2023-6707 · D Link · D-Link N300 Wi-Fi Router Dir-605L

Xsz · Published 2023-02-10 · Updated 2023-04-26 · CVE-2023-24350

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
D-Link N300 WI-FI Router DIR-605L version 2.13B01

Description
The issue is a stack overflow in the D-Link N300 WI-FI Router DIR-605L that can be triggered via the config.smtp_email_subject parameter at the "/goform/formSetEmail" endpoint. A remote attacker can potentially cause a denial of service or execute arbitrary code.

Recommendations
For D-Link N300 WI-FI Router DIR-605L version 2.13B01, consider disabling the /goform/formSetEmail endpoint or restricting access to the config.smtp_email_subject parameter until a patch is available. Avoid using the config.smtp_email_subject parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related identifiers

BDU:2023-07478
CVE-2023-24350

Affected products

D-Link N300 Wi-Fi Router Dir-605L