PT-2023-6414 · D Link · D-Link Di-7100Gv2+4

Published 2023-10-16 · Updated 2023-11-03 · CVE-2023-45580

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

D-Link DI-7003GV2 versions 23.08.25D1 and before
D-Link DI-7100G+V2 versions 23.08.23D1 and before
D-Link DI-7100GV2 version 23.08.23D1
D-Link DI-7200G+V2 versions 23.08.23D1 and before
D-Link DI-7200GV2 versions 23.08.23E1 and before
D-Link DI-7300G+V2 version 23.08.23D1
D-Link DI-7400G+V2 versions 23.08.23D1 and before

Description

The issue is a buffer overflow in the ddns.asp component of D-Link router firmware. It allows a remote attacker to execute arbitrary code via the wild/mx and other parameters of the ddns.asp function.

Recommendations

For D-Link DI-7003GV2 versions 23.08.25D1 and before, consider disabling the ddns.asp function until a patch is available.
For D-Link DI-7100G+V2 versions 23.08.23D1 and before, restrict access to the ddns.asp component to minimize the risk of exploitation.
For D-Link DI-7100GV2 version 23.08.23D1, avoid using the wild/mx parameter in the ddns.asp function until the issue is resolved.
For D-Link DI-7200G+V2 versions 23.08.23D1 and before, temporarily disable the ddns.asp function to prevent exploitation.
For D-Link DI-7200GV2 versions 23.08.23E1 and before, restrict the use of the ddns.asp component until a fix is available.
For D-Link DI-7300G+V2 version 23.08.23D1, consider disabling the ddns.asp function as a temporary workaround.
For D-Link DI-7400G+V2 versions 23.08.23D1 and before, avoid using the vulnerable parameters of the ddns.asp function until the issue is resolved.

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2023-07130
CVE-2023-45580

Affected Products

D-Link Di-7003Gv2
D-Link Di-7100Gv2
D-Link Di-7200Gv2
D-Link Di-7300G+V2
D-Link Di-7400G+V2