D-Link DIR-2640 PrefixLen Command Injection Remote Code Execution Vulnerability
Description
D-Link DIR-2640 PrefixLen Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of the PrefixLen parameter provided to the HNAP1 endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. This was ZDI-CAN-19547.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
D-Link DIR-2640 PrefixLen command injection allows network-adjacent attackers to execute root-level code via HNAP1 endpoint.
Vulnerability
The vulnerability is a command injection in the PrefixLen parameter of the HNAP1 endpoint on D-Link DIR-2640 routers with firmware v1.11B02 and v1.11B02 Beta01. The lack of proper validation allows an attacker to inject arbitrary system commands. [1][2]
Exploitation
An attacker must be on the same network (network-adjacent) and able to send HTTP requests to the HNAP1 endpoint. Although authentication is normally required, there are known bypass techniques (see associated advisories). Once access is obtained, the attacker sends a crafted request with a malicious PrefixLen value to execute commands. [2]
Impact
Successful exploitation allows an attacker to execute arbitrary code as the root user, leading to full compromise of the router. [2]
Mitigation
D-Link has released a fixed firmware version v1.11B02_Beta_Hotfix (see reference [1] for details). Users should update to the latest firmware. If updating is not possible, consider isolating the router from untrusted network access. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.
References
- [1] supportannouncement.us.dlink.com/announcement/publication.aspx (vendor advisory)
- [2] www.zerodayinitiative.com/advisories/ZDI-23-542/ (ZDI research advisory)