First published: Wed Jan 18 2023(Updated: )
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability.
Affected Software | Affected Version | How to fix |
---|---|---|
D-Link DIR-3040 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this vulnerability is ZDI-CAN-19910.
The severity of ZDI-CAN-19910 is high with a CVSS score of 8.8.
The vulnerability in D-Link DIR-3040 routers occurs due to a heap-based buffer overflow in the MiniDLNA service.
Network-adjacent attackers can exploit this vulnerability.
No, authentication is not required to exploit this vulnerability.
You can find more information about this vulnerability at the following links: [Link 1](http://www.zerodayinitiative.com/advisories/ZDI-23-052/), [Link 2](https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10322), [Link 3](https://www.zerodayinitiative.com/advisories/ZDI-23-052/).