CVE-2023-32151

Name of the Vulnerable Software and Affected Versions D-Link DIR-2640 routers (affected versions not specified)

Description The issue is related to the implementation of the HNAP1 protocol in the D-Link DIR-2640-US router's firmware, specifically with insufficient validation of user-supplied input before it is used to execute a system call when handling the DestNetwork parameter. This can be exploited by a remote attacker to bypass security restrictions and execute arbitrary code. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed, allowing an attacker to execute code in the context of root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.