PT-2023-4465 · D Link · D-Link Dir-842+1

Published: 2023-08-17 · Updated: 2023-08-25 · CVE-2023-39666

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

D-Link DIR-842 version fw revA 1-02 eu multi 20151008
D-Link DIR-880 version A1

Description

The issue is related to buffer overflow errors in the fgets function of the D-Link DIR-880 and DIR-842 firmware. This can be exploited by a remote attacker to execute arbitrary code. The vulnerability is specifically related to the acStack 120 and acStack 220 parameters.

Recommendations

For D-Link DIR-842 version fw revA 1-02 eu multi 20151008, consider disabling the fgets function until a patch is available. For D-Link DIR-880 version A1, restrict access to the vulnerable acStack 120 and acStack 220 parameters to minimize the risk of exploitation. As a temporary workaround, avoid using the acStack 120 and acStack 220 parameters in the affected API endpoint until the issue is resolved.

Fix

Weakness Enumeration

Buffer Overflow

Related Identifiers

BDU:2023-04860
CVE-2023-39666

Affected Products

D-Link Dir-842
D-Link Dir-880L