CVE-2023-32149

Name of the Vulnerable Software and Affected Versions D-Link DIR-2640 versions (affected versions not specified)

Description The issue is related to a stack-based buffer overflow in the prog.cgi web management interface of D-Link DIR-2640 routers. This occurs due to improper validation of user-supplied data length before copying it to a fixed-length stack-based buffer. An attacker can exploit this to execute arbitrary code on affected installations without requiring authentication. The vulnerability is in the web management interface, which listens on TCP port 80 by default, and it allows code execution in the context of root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.