CVE-2023-33781
Published: 07 June 2023
Summary
CVE-2023-33781 is a high-severity vulnerability of unspecified weakness type in D-Link DIR-842V2 firmware. Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 5.9% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
CVE-2023-33781 is an unauthenticated command execution vulnerability in the D-Link DIR-842V2 wireless router running firmware version 1.0.3. The flaw resides in the device's file-import functionality and permits an attacker to supply a specially crafted file that results in arbitrary command execution on the underlying system.
An attacker with low-privileged network access can exploit the issue by importing the malicious file, after which they obtain the ability to execute commands that fully compromise the confidentiality, integrity, and availability of the device. The CVSS 3.1 base score of 8.8 reflects the combination of network attack vector, low complexity, and high impact without requiring user interaction.
Public references include a D-Link security bulletin page and a proof-of-concept repository on GitHub. The EPSS score rose from a low baseline to a peak of 0.6192 on 2026-02-03 before receding to its current value of 0.3993, indicating measurable post-disclosure exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-37932
Vulnerability details
An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.