First published: Wed Jan 18 2023(Updated: )
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability.
Affected Software | Affected Version | How to fix |
---|---|---|
D-Link DIR-3040 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is ZDI-23-052.
The severity of ZDI-23-052 is high with a severity value of 8.8.
The vulnerability in D-Link DIR-3040 routers allows network-adjacent attackers to execute arbitrary code by exploiting a heap-based buffer overflow in the MiniDLNA service.
No, authentication is not required to exploit this vulnerability in D-Link DIR-3040 routers.
Yes, you can find references for this vulnerability at the following links: [Reference 1](http://www.zerodayinitiative.com/advisories/ZDI-23-052/), [Reference 2](https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10322), [Reference 3](https://www.zerodayinitiative.com/advisories/ZDI-23-052/).