CVE-2023-32138

Name of the Vulnerable Software and Affected Versions D-Link DAP-1360 (affected versions not specified) D-Link DAP-2020 (affected versions not specified)

Description The issue is related to a heap-based buffer overflow in the webproc microprogram of D-Link DAP-2020 and DAP-1360 wireless access points. This can be exploited by a remote attacker to execute arbitrary code. The specific flaw exists within the handling of requests to the "/cgi-bin/webproc" endpoint, due to the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. No information is provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations For D-Link DAP-1360, restrict access to the "/cgi-bin/webproc" endpoint to minimize the risk of exploitation. For D-Link DAP-2020, consider disabling the webproc microprogram until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.