CVE-2023-25282
Description
A heap overflow in D-Link DIR820LA1_FW106B02 allows attackers to cause a permanent denial of service via the mydlink_api.ccp endpoint.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A heap overflow vulnerability exists in the /sbin/ncc2 component of D-Link DIR820LA1 firmware version 106B02. The flaw occurs in the sub_492A68 function, which processes parameters config.log_to_syslog and log_opt_dropPackets from the mydlink_api.ccp endpoint. The strcpy function is used without verifying the length of the parameters, and the allocated heap space is controllable, leading to a heap overflow that can corrupt critical router configuration data [1].
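The unchecked-copy pattern described above, set beside a length-checked form. This is an added example, not code from the firmware or from the cited reference; the struct layout, the 16-byte field size and all function names are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout and size; the real ncc2 structures are not on the page. */
#define FIELD_LEN 16
struct log_cfg {
    char log_to_syslog[FIELD_LEN];
    char log_opt_dropPackets[FIELD_LEN];
};

/* Pattern the description names: strcpy never consults the destination size.
 * Shown for contrast only; nothing below calls it. */
void copy_unchecked(struct log_cfg *cfg, const char *syslog, const char *drop)
{
    strcpy(cfg->log_to_syslog, syslog);
    strcpy(cfg->log_opt_dropPackets, drop);
}

/* Bounded copy: 0 on success, -1 if src is NULL or does not fit with its NUL. */
static int copy_field(char *dst, size_t dst_len, const char *src)
{
    const char *end = src ? memchr(src, '\0', dst_len) : NULL;
    if (end == NULL) return -1;          /* reject rather than truncate */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Returns a heap-allocated config, or NULL if either parameter is rejected. */
struct log_cfg *parse_log_cfg(const char *syslog, const char *drop)
{
    struct log_cfg *cfg = calloc(1, sizeof *cfg);
    if (!cfg) return NULL;
    if (copy_field(cfg->log_to_syslog, sizeof cfg->log_to_syslog, syslog) != 0 ||
        copy_field(cfg->log_opt_dropPackets, sizeof cfg->log_opt_dropPackets, drop) != 0) {
        free(cfg);
        return NULL;
    }
    return cfg;
}

int main(void)
{
    /* Constructed inputs: one normal pair, one with an oversized value. */
    struct log_cfg *ok = parse_log_cfg("1", "0");
    struct log_cfg *bad = parse_log_cfg("1", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    printf("normal: %s, oversized: %s\n", ok ? "accepted" : "rejected", bad ? "accepted" : "rejected");
    free(ok); free(bad);
    return 0;
}
```

Rejecting an overlong value outright, instead of truncating it, keeps a malformed request from silently changing configuration.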
Exploitation
An unauthenticated attacker can trigger the vulnerability by sending a crafted POST request to /mydlink_api.ccp with long values for the config.log_to_syslog and log_opt_dropPackets parameters. No authentication or special network position is required; the attack can be performed remotely. The reference includes a proof-of-concept (POC) demonstrating the attack vector [1].
Impact
Successful exploitation can cause a permanent denial of service (DoS) by corrupting global variables, such as eamilInfo, which may destroy the router's web service and configuration. This can render the device unusable, requiring a firmware reflash or hardware replacement. The vendor advisory describes this as a permanent DoS vulnerability [1].
Mitigation
As of the reference publication date (March 2023), no firmware patch has been released by D-Link. The affected device model DIR-820L is likely end-of-life (EOL); D-Link's security bulletin states that EOL products may not receive fixes [2]. Users should consider upgrading to a supported device if available, or isolate the router from untrusted networks. No workaround is provided [1][2].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- D-Link/DIR820LA1_FW106B02
Patches
No patches discovered yet.
References