CVE-2023-45574
CRITICALD-Link DI-7003G Firmware < 23.08.25d1 - Remote Code Execution via fn Parameter
Title source: llmDescription
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md
Vendor Advisory
https://www.dlink.com/en/security-bulletin/
Scores
CVSS v3
9.8
EPSS
0.2263
EPSS Percentile
95.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-787
Status
published
Products (7)
dlink/di-7003g_firmware
< 23.08.25d1
dlink/di-7100g\+_firmware
< 23.08.23d1
dlink/di-7100g_firmware
< 23.08.23d1
dlink/di-7200g\+_firmware
< 23.08.23d1
dlink/di-7200g_firmware
< 23.08.23e1
dlink/di-7300g\+_firmware
< 23.08.23d1
dlink/di-7400g\+_firmware
< 23.08.23d1
Published
Oct 16, 2023
Tracked Since
Feb 18, 2026