March 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Multiple D-Link DAP Products Vulnerabilities
October 6, 2023Rewterz Threat Alert – APT Group Gamaredon aka Shuckworm – Active IOCs
October 6, 2023Rewterz Threat Advisory – Multiple D-Link DAP Products Vulnerabilities
October 6, 2023Rewterz Threat Alert – APT Group Gamaredon aka Shuckworm – Active IOCs
October 6, 2023
Severity
High
Analysis Summary
CVE-2023-44419 CVSS:8.8
D-Link DIR-X3260 routers are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the prog.cgi binary. By sending specially crafted HNAP requests, a remote attacker could overflow a buffer and execute arbitrary code in the context of root.
CVE-2023-44420 CVSS:8.8
D-Link DIR-X3260 routers could allow a remote attacker to bypass security restrictions, caused by a flaw in the prog.cgi executable. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication on the device.
CVE-2023-44421 CVSS:8.8
D-Link DIR-X3260 routers could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the prog.cgi program. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of root.
CVE-2023-44422 CVSS:8.8
D-Link DIR-X3260 routers could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the prog.cgi program. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of root.
CVE-2023-44423 CVSS:8.0
D-Link DIR-X3260 routers could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the prog.cgi program. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of root.
CVE-2023-44424 CVSS:8.0
D-Link DIR-X3260 routers could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the prog.cgi program. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of root.
CVE-2023-44425 CVSS:8.0
D-Link DIR-X3260 routers could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the prog.cgi program. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of root.
CVE-2023-44426 CVSS:8.0
D-Link DIR-X3260 routers could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the prog.cgi program. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of root.
CVE-2023-44427 CVSS:8.0
D-Link DIR-X3260 routers could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the prog.cgi program. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of root.
Impact
- Gain Access
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-44419
- CVE-2023-44420
- CVE-2023-44421
- CVE-2023-44422
- CVE-2023-44423
- CVE-2023-44424
- CVE-2023-44425
- CVE-2023-44426
- CVE-2023-44427
Affected Vendors
D-Link
Affected Products
- D-Link DIR-X3260
Remediation
Refer to D-Link Web site for patch, upgrade or suggested workaround information.