CVE-2023-45576

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
dlinkdi-7003g_firmware
𝑥
≤ 23.08.25d1
dlinkdi-7100g\+_firmware
𝑥
≤ 23.08.23d1
dlinkdi-7100g_firmware
𝑥
≤ 23.08.23d1
dlinkdi-7200g\+_firmware
𝑥
≤ 23.08.23d1
dlinkdi-7200g_firmware
𝑥
≤ 23.08.23e1
dlinkdi-7300g\+_firmware
𝑥
≤ 23.08.23d1
dlinkdi-7400g\+_firmware
𝑥
≤ 23.08.23d1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug3.md
https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug3.md