VYPR
Unrated severity · NVD Advisory · Published Apr 7, 2023 · Updated Feb 13, 2025

CVE-2023-24798

Description

D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stack overflow in D-Link DIR878 firmware 120B05 allows remote attackers to cause denial of service or execute arbitrary code.

Vulnerability

A stack overflow vulnerability exists in the sub_475FB0 function of D-Link DIR878 routers running firmware version DIR_878_FW120B05. The flaw is triggered when the device processes a specially crafted payload, leading to memory corruption. The affected firmware version is explicitly named in the CVE description, and the vulnerability resides in a function that handles network input.

Exploitation

An attacker can exploit this vulnerability by sending a crafted payload over the network to the affected D-Link DIR878 device. No authentication is required, as the vulnerable function is reachable from the network-facing interface. The attacker must be able to deliver the malicious payload to the device's processing stack, which can be done remotely if the device is accessible.

Impact

Successful exploitation allows an attacker to cause a denial of service (DoS) by crashing the device or to execute arbitrary code with the privileges of the affected process. This could lead to full compromise of the router, including the ability to modify network traffic, install malware, or pivot to other devices on the network.

Mitigation

As of the publication date, no official patch has been released by D-Link. The vendor's security bulletin page [1] provides general guidance but does not list a specific fix for this CVE. Users should monitor the D-Link security bulletin for updates and consider isolating the device from untrusted networks or replacing it if it reaches end-of-life (EOL) status.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • D-Link/DIR878 (description)
  • Dlink/DIR878 (llm-fuzzy)
    Range: = DIR_878_FW120B05

Patches

0

No patches discovered yet.

References

2
