PT-2023-6460 · D-Link · Di-7003Gv2.D1+5

Published: 2023-10-16 · Updated: 2023-10-19 · CVE-2023-45576

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

D-Link DI-7003GV2.D1 versions 23.08.25D1 and earlier
D-Link DI-7100G+V2.D1 versions 23.08.23D1 and earlier
D-Link DI-7100GV2.D1 version 23.08.23D1
D-Link DI-7200G+V2.D1 versions 23.08.23D1 and earlier
D-Link DI-7200GV2.E1 versions 23.08.23E1 and earlier
D-Link DI-7300G+V2.D1 version 23.08.23D1
D-Link DI-7400G+V2.D1 versions 23.08.23D1 and earlier

Description

The issue is related to a Buffer Overflow in the upnp_ctrl.asp function, allowing a remote attacker to execute arbitrary code via the remove_ext_proto and remove_ext_port parameters. This can enable an attacker to perform unauthorized actions on the affected devices.

Recommendations

For D-Link DI-7003GV2.D1 versions 23.08.25D1 and earlier, update to a version later than 23.08.25D1.
For D-Link DI-7100G+V2.D1 versions 23.08.23D1 and earlier, update to a version later than 23.08.23D1.
For D-Link DI-7100GV2.D1 version 23.08.23D1, update to a version later than 23.08.23D1.
For D-Link DI-7200G+V2.D1 versions 23.08.23D1 and earlier, update to a version later than 23.08.23D1.
For D-Link DI-7200GV2.E1 versions 23.08.23E1 and earlier, update to a version later than 23.08.23E1.
For D-Link DI-7300G+V2.D1 version 23.08.23D1, update to a version later than 23.08.23D1.
For D-Link DI-7400G+V2.D1 versions 23.08.23D1 and earlier, update to a version later than 23.08.23D1.

As a temporary workaround, consider disabling the upnp_ctrl.asp function until a patch is available.

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2023-07179
CVE-2023-45576

Affected Products

Di-7003Gv2.D1
Di-7100Gv2.D1
Di-7200G+V2.D1
Di-7200Gv2.E1
Di-7300G+V2.D1
Di-7400G+V2.D1