CVE-2023-44419

Name of the Vulnerable Software and Affected Versions D-Link DIR-X3260 (affected versions not specified)

Description The issue is related to a stack-based buffer overflow in the prog.cgi component of D-Link DIR-X3260 Wi-Fi routers, allowing attackers to execute arbitrary code. This can be exploited by network-adjacent attackers without requiring authentication. The flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver, due to the lack of proper validation of user-supplied data length prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.