PT-2024-1948 · D-Link · D-Link DIR-823G

Published: 2024-02-26 · Updated: 2025-04-21 · CVE-2024-27656

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823G version A1V1.0.2B05

Description: The issue is related to a buffer overflow in the sub_41D354() function of the D-Link DIR-823G router's firmware when handling the Cookie parameter. This can allow a remote attacker to execute arbitrary code or cause a Denial of Service (DoS) via a crafted input.

Recommendations: For D-Link DIR-823G version A1V1.0.2B05, consider disabling the sub_41D354() function until a patch is available to prevent exploitation. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the Cookie parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Stack Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-01745
CVE-2024-27656

Affected Products

D-Link Dir-823G