PT-2023-3481 · D Link · D-Link Dir-823G
Published: 2023-02-27 · Updated: 2023-07-06 · CVE-2023-26616
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
D-Link DIR-823G firmware version 1.02B05
Description
The issue is related to a buffer overflow in the implementation of the HNAP1 protocol in the D-Link DIR-823G router's firmware. This occurs when processing the SetParentsControlInfo parameter, specifically due to the URL field. Exploitation of this issue could allow a remote attacker to cause a denial of service.
Recommendations
For D-Link DIR-823G firmware version 1.02B05, as a temporary workaround, consider disabling the SetParentsControlInfo function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the URL field in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
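One way to check captured HTTP requests against the recommendations above, as an added example that is not from the advisory or from D-Link: it flags SetParentsControlInfo calls that arrive from outside a management subnet or carry an overlong URL field. The 256-byte limit, the subnet, the SOAPAction prefix (the usual HNAP convention) and the sample body layout are assumptions.

```python
import ipaddress
import re

ACTION = "SetParentsControlInfo"                    # action named in the advisory
MAX_URL_LEN = 256                                   # assumed limit; the page gives no buffer size
MGMT_NET = ipaddress.ip_network("192.168.0.0/24")   # assumed management subnet
# Any element whose local name is URL, with or without a namespace prefix.
URL_FIELD = re.compile(r"<(?:\w+:)?URL\b[^>]*>(.*?)</(?:\w+:)?URL>", re.S)

def parse_request(raw):
    """Split a raw HTTP/1.x request into method, path, lower-cased headers, body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body

def inspect(raw, src_ip):
    """Return findings for one request; an empty list means nothing to report."""
    try:
        method, path, headers, body = parse_request(raw)
    except ValueError:
        return []                                   # not a parseable request line
    if method != "POST" or not path.startswith("/HNAP1"):
        return []
    # The action is the last path segment of the quoted SOAPAction URI.
    action = headers.get("soapaction", "").strip('"').rsplit("/", 1)[-1]
    if action != ACTION:
        return []
    findings = []
    if ipaddress.ip_address(src_ip) not in MGMT_NET:
        findings.append("SetParentsControlInfo called from outside management subnet")
    longest = max((len(v) for v in URL_FIELD.findall(body)), default=0)
    if longest > MAX_URL_LEN:
        findings.append(f"URL field length {longest} exceeds {MAX_URL_LEN}")
    return findings

def sample(url_value):
    """Constructed request; the body layout is illustrative, not the device schema."""
    body = f"<SetParentsControlInfo><URL>{url_value}</URL></SetParentsControlInfo>"
    return ("POST /HNAP1/ HTTP/1.1\r\nHost: router\r\n"
            f'SOAPAction: "http://purenetworks.com/HNAP1/{ACTION}"\r\n\r\n{body}')
```

Tune `MAX_URL_LEN` and `MGMT_NET` to the deployment before using the findings for alerting or blocking.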
Affected Products
D-Link Dir-823G