The vulnerability of the SetHostIPv6Settings() function in the IPv6Mode mode of the D-Link DAP-1325 wireless signal booster software allows a hacker to execute arbitrary code.

🗓️ 28 Sep 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

D-Link DAP-1325 IPv6 mode SetHostIPv6Settings overflow enables code execution during XML processing.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2023-41206	3 May 202403:15	–	attackerkb
CNNVD	D-Link DAP-1325 安全漏洞	3 May 202400:00	–	cnnvd
CNVD	D-Link DAP-1325 Stack Buffer Overflow Vulnerability (CNVD-2024-33901)	19 Jul 202400:00	–	cnvd
CVE	CVE-2023-41206	3 May 202402:12	–	cve
Cvelist	CVE-2023-41206 D-Link DAP-1325 SetHostIPv6Settings IPv6Mode Stack-based Buffer Overflow Remote Code Execution Vulnerability	3 May 202402:12	–	cvelist
EUVD	EUVD-2023-45723	3 Oct 202520:07	–	euvd
NVD	CVE-2023-41206	3 May 202403:15	–	nvd
OSV	CVE-2023-41206	3 May 202403:15	–	osv
Positive Technologies	PT-2022-6985 · D Link · D-Link Dap-1325	28 Sep 202200:00	–	ptsecurity
Vulnrichment	CVE-2023-41206 D-Link DAP-1325 SetHostIPv6Settings IPv6Mode Stack-based Buffer Overflow Remote Code Execution Vulnerability	3 May 202402:12	–	vulnrichment

Vulners

Node

d-link dap-1325Range≤1.07b01

Source	Link
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-23-1314/
vuldb	www.vuldb.com/ru/
supportannouncement	www.supportannouncement.us.dlink.com/announcement/publication.aspx
web	www.web.nvd.nist.gov/view/vuln/detail

28 Sep 2023 00:00Current

8.2High risk

Vulners AI Score8.2

CVSS 28.3

CVSS 38.8

EPSS0.00855

D-Link DAP-1325 IPv6 mode SetHostIPv6Settings buffer overflow markup language processing remote code execution