PT-2023-5378 · D Link · Di-7200Gv2.E1

Published: 2023-07-10 · Updated: 2023-09-22 · CVE-2023-43197

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: D-Link device DI-7200GV2.E1 version 21.04.09E1

Description: The tgfile.asp function contains a stack overflow (a buffer overflow in memory) when processing the fn parameter. This can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations: For D-Link device DI-7200GV2.E1 version 21.04.09E1, consider disabling the tgfile.asp function or restricting access to it until a patch is available. Avoid using the fn parameter in the affected function to minimize the risk of exploitation.

Exploit

Fix

Stack Overflow

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-06006
CVE-2023-43197

Affected Products

Di-7200Gv2.E1