CVE-2023-24800
D-link dir878 Unauthorized stack overflow vulnerability
1. Affected version:
D-link DIR_878_FW120B05
2. Firmware download address
[D-Link | Technical Support | Downloads (dlink.com.tw)](https://www.tenda.com.cn/download/detail-2683.html)
3. Vulnerability details
The function "sub_495220" contains a stack-based buffer overflow vulnerability. In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check, which may lead to overflow of the stack-based buffer. As a result, by requesting the page, an attacker can easily execute a denial of service attack or remote code execution with carefully crafted overflow data.
4. Recurring vulnerabilities and POC
Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time.
5. Author
Drizzling_Sun @KRlab
