CVE-2023-43196

Name of the Vulnerable Software and Affected Versions D-Link DI-7200G V2 version 21.04.09E1

Description The issue is related to a buffer overflow in the arp sys.asp component of the D-Link DI-7200G V2 router's firmware when processing the zn jb parameter. This can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is caused by a stack overflow via the zn jb parameter in the arp sys.asp function.

Recommendations For D-Link DI-7200G V2 version 21.04.09E1, as a temporary workaround, consider disabling the arp sys.asp function until a patch is available. Restrict access to the vulnerable component to minimize the risk of exploitation. Avoid using the zn jb parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.