PT-2023-6458 · D Link · Di-7200Gv2+6
Published
2023-10-16
·
Updated
2023-10-19
·
CVE-2023-45575
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
D-Link DI-7003GV2 versions 23.08.25D1 and earlier
D-Link DI-7100G versions 23.08.23D1 and earlier
D-Link DI-7100GV2 version 23.08.23D1
D-Link DI-7200G versions 23.08.23D1 and earlier
D-Link DI-7200GV2 versions 23.08.23E1 and earlier
D-Link DI-7300G version 23.08.23D1
D-Link DI-7400G versions 23.08.23D1 and earlier
Description
The issue is related to a buffer overflow in the
ip position.asp function of D-Link router microprogrammed software. This can allow a remote attacker to execute arbitrary code. The vulnerability is exploited via the ip parameter of the ip position.asp function.Recommendations
For D-Link DI-7003GV2 version 23.08.25D1 and earlier, update to a version later than 23.08.25D1.
For D-Link DI-7100G version 23.08.23D1 and earlier, update to a version later than 23.08.23D1.
For D-Link DI-7100GV2 version 23.08.23D1, update to a version later than 23.08.23D1.
For D-Link DI-7200G version 23.08.23D1 and earlier, update to a version later than 23.08.23D1.
For D-Link DI-7200GV2 version 23.08.23E1 and earlier, update to a version later than 23.08.23E1.
For D-Link DI-7300G version 23.08.23D1, update to a version later than 23.08.23D1.
For D-Link DI-7400G version 23.08.23D1 and earlier, update to a version later than 23.08.23D1.
Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Di-7003Gv2
Di-7100G
Di-7100Gv2
Di-7200G
Di-7200Gv2
Di-7300G
Di-7400G