Cyber Resilience

CVE-2023-33781

High · Public PoC

Published: 07 June 2023

Modified: 07 January 2025
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1238 (94.1th percentile)
Risk Priority: 25 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-33781 is a high-severity vulnerability of an unspecified weakness type in D-Link DIR-842V2 firmware. Its CVSS base score is 8.8 (High).

Operationally, it is ranked in the top 5.9% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

CVE-2023-33781 is an unauthenticated command execution vulnerability in the D-Link DIR-842V2 wireless router running firmware version 1.0.3. The flaw resides in the device's file-import functionality and permits an attacker to supply a specially crafted file that results in arbitrary command execution on the underlying system.

An attacker with low-privileged network access can exploit the issue by importing the malicious file, after which they obtain the ability to execute commands that fully compromise the confidentiality, integrity, and availability of the device. The CVSS 3.1 base score of 8.8 reflects the combination of network attack vector, low complexity, and high impact without requiring user interaction.

Public references include a D-Link security bulletin page and a proof-of-concept repository on GitHub. The EPSS score rose from a low baseline to a peak of 0.6192 on 2026-02-03 before receding to its current value of 0.3993, indicating measurable post-disclosure exploitation interest.

Vulnerability details

An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: dlink
Product: dir-842v2 firmware
Version: 1.0.3

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.