The vulnerability of the SetHostIPv6StaticSettings StaticPrefixLength() function in the software of the D-Link DAP-1325 wireless signal booster device allows a hacker to execute arbitrary code.

🗓️ 19 Sep 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

DAP-1325 SetHostIPv6StaticSettings StaticPrefixLength flaw enables remote code execution via unsafe OS commands.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2023-41200	3 May 202403:15	–	attackerkb
CNNVD	D-Link DAP-1325 安全漏洞	3 May 202400:00	–	cnnvd
CNVD	D-Link DAP-1325 Command Injection Vulnerability (CNVD-2024-33899)	19 Jul 202400:00	–	cnvd
CVE	CVE-2023-41200	3 May 202402:11	–	cve
Cvelist	CVE-2023-41200 D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticPrefixLength Command Injection Remote Code Execution Vulnerability	3 May 202402:11	–	cvelist
EUVD	EUVD-2023-45717	3 Oct 202520:07	–	euvd
NVD	CVE-2023-41200	3 May 202403:15	–	nvd
OSV	CVE-2023-41200	3 May 202403:15	–	osv
Positive Technologies	PT-2022-6960 · D Link · D-Link Dap-1325	26 Sep 202200:00	–	ptsecurity
Vulnrichment	CVE-2023-41200 D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticPrefixLength Command Injection Remote Code Execution Vulnerability	3 May 202402:11	–	vulnrichment

Vulners

Node

d-link dap-1325Range≤1.07b01

Source	Link
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-23-1308/
vuldb	www.vuldb.com/ru/
supportannouncement	www.supportannouncement.us.dlink.com/announcement/publication.aspx
web	www.web.nvd.nist.gov/view/vuln/detail

19 Sep 2023 00:00Current

8High risk

Vulners AI Score8

CVSS 28.3

CVSS 38.8

EPSS0.01756

D-Link DAP-1325 SetHostIPv6StaticSettings StaticPrefixLength Remote code execution OS commands