CVE-2023-45577

Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
dlinkdi-7003g_firmware
𝑥
≤ 23.08.25d1
dlinkdi-7100g\+_firmware
𝑥
≤ 23.08.23d1
dlinkdi-7100g_firmware
𝑥
≤ 23.08.23d1
dlinkdi-7200g\+_firmware
𝑥
≤ 23.08.23d1
dlinkdi-7200g_firmware
𝑥
≤ 23.08.23e1
dlinkdi-7300g\+_firmware
𝑥
≤ 23.08.23d1
dlinkdi-7400g\+_firmware
𝑥
≤ 23.08.23d1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
d-linkdi-7003gv2.d1
𝑥
≤ v.23.08.25d1
ADP
d-linkdi-7200g_plus_v2.d1
𝑥
≤ v.23.08.23d1
ADP
d-linkdi-7100gv2.d1
𝑥
≤ v.23.08.23d1
ADP
d-linkdi-7200g_plus_v2.d1
𝑥
≤ v.23.08.23d1
ADP
d-linkdi-7200gv2.e1
𝑥
≤ v.23.08.23e1
ADP
d-linkdi-7300g_plus_v2.d1
𝑥
≤ v.23.08.23d1
ADP
d-linkdi-7400g_plus_v2.d1
𝑥
≤ v.23.08.23d1
ADP
Common Weakness Enumeration
References
https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md
https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md