PT-2023-6707 · D Link · D-Link N300 Wi-Fi Router Dir-605L
Xsz · Published 2023-02-10 · Updated 2023-04-26 · CVE-2023-24350
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
D-Link N300 WI-FI Router DIR-605L version 2.13B01
Description
The issue is related to a stack overflow in the D-Link N300 WI-FI Router DIR-605L, which can be triggered via the config.smtp email subject parameter at the "/goform/formSetEmail" endpoint. This can potentially allow a remote attacker to cause a denial of service or execute arbitrary code.
Recommendations
For D-Link N300 WI-FI Router DIR-605L version 2.13B01, consider disabling the /goform/formSetEmail endpoint or restricting access to the config.smtp email subject parameter until a patch is available. Avoid using the config.smtp email subject parameter in the affected API endpoint until the issue is resolved.
Exploit
Fix
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
D-Link N300 Wi-Fi Router Dir-605L