CVE-2022-43648

Name of the Vulnerable Software and Affected Versions D-Link DIR-3040 version 1.20B03

Description This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this issue. The specific flaw exists within the MiniDLNA service, resulting from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this issue to execute code in the context of the MiniDLNA service.

Recommendations As a temporary workaround, consider disabling the MiniDLNA service until a patch is available. Restrict access to the MiniDLNA service to minimize the risk of exploitation. Avoid using the MiniDLNA service in the affected D-Link DIR-3040 routers until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.