CVE-2023-44404

Name of the Vulnerable Software and Affected Versions D-Link DAP-1325 (affected versions not specified)

Description The issue is related to a buffer overflow in the D-Link DAP-1325 wireless signal amplifier's firmware, allowing remote attackers to execute arbitrary code. This is due to the lack of proper validation of user-supplied data length before copying it to a fixed-length stack-based buffer, specifically within the handling of XML data provided to the HNAP1 SOAP endpoint /HNAP1. An attacker can leverage this to execute code in the context of root. No information is provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.