CVE-2023-39671

Vulnerability

A buffer overflow vulnerability exists in D-Link DIR-880 routers running firmware version A1_FW107WWb08. The issue is located in the function FUN_0001be68, which can be triggered by sending specially crafted network traffic to the device. The affected product is the D-Link DIR-880 with firmware A1_FW107WWb08. The vendor's support page [1] indicates that this model may be end-of-life and no longer receives firmware updates, as it is listed on the legacy products site.

Exploitation

An attacker can exploit this vulnerability by sending a malformed packet to the target device. No authentication is required as the vulnerable function is accessible over the network. The attacker needs network connectivity to the router's management interface and can trigger the overflow without any user interaction. The exact sequence of steps involves sending a larger-than-expected input to the vulnerable function FUN_0001be68, causing a buffer overflow.

Impact

Successful exploitation could allow an attacker to cause a denial of service or potentially execute arbitrary code on the affected router. As the router runs with system-level privileges, code execution would result in full compromise of the device, including the ability to modify network traffic, intercept communications, or pivot to other devices on the network.

Mitigation

D-Link has not released a security update for this vulnerability [1][2]. The DIR-880 model appears to be end-of-life (EOL) and is listed on D-Link's legacy products site, which no longer receives firmware updates [1]. Users are advised to replace the device with a supported model that continues to receive security patches. No workaround is available. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.