CVE-2023-45572

Name of the Vulnerable Software and Affected Versions D-Link DI-7003GV2 versions 23.08.25D1 and before D-Link DI-7100G+V2 versions 23.08.23D1 and before D-Link DI-7100GV2 version 23.08.23D1 D-Link DI-7200G+V2 versions 23.08.23D1 and before D-Link DI-7200GV2 versions 23.08.23E1 and before D-Link DI-7300G+V2 version 23.08.23D1 D-Link DI-7400G+V2 versions 23.08.23D1 and before

Description The issue is related to a Buffer Overflow vulnerability in the tgfile.htm function of D-Link devices, which allows a remote attacker to execute arbitrary code via the fn parameter. This can be exploited by a remote attacker to gain unauthorized access and execute arbitrary code.

Recommendations For D-Link DI-7003GV2 versions 23.08.25D1 and before, update to a version later than 23.08.25D1. For D-Link DI-7100G+V2 versions 23.08.23D1 and before, update to a version later than 23.08.23D1. For D-Link DI-7100GV2 version 23.08.23D1, update to a version later than 23.08.23D1. For D-Link DI-7200G+V2 versions 23.08.23D1 and before, update to a version later than 23.08.23D1. For D-Link DI-7200GV2 versions 23.08.23E1 and before, update to a version later than 23.08.23E1. For D-Link DI-7300G+V2 version 23.08.23D1, update to a version later than 23.08.23D1. For D-Link DI-7400G+V2 versions 23.08.23D1 and before, update to a version later than 23.08.23D1. As a temporary workaround, consider disabling the tgfile.htm function until a patch is available. Restrict access to the fn parameter in the tgfile.htm function to minimize the risk of exploitation.