CVE-2023-43237
Published: 21 September 2023
Summary
CVE-2023-43237 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in D-Link DIR-816 A2 firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 1.8% of CVEs by exploit likelihood. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
D-Link DIR-816 A2 firmware version 1.10CNB05 contains a stack-based buffer overflow vulnerability (CWE-121, CWE-787) in the setMAC function triggered by the macCloneMac parameter. The flaw permits an out-of-bounds write on the stack and carries a CVSS 3.1 score of 9.8, reflecting network attack vector, low complexity, and no required authentication or user interaction.
An unauthenticated remote attacker can send a crafted HTTP request containing an oversized macCloneMac value to the device's web management interface, resulting in arbitrary code execution, denial of service, or full device takeover. Successful exploitation grants the attacker the same privileges as the firmware process, typically root-level control over the router.
Public references include a detailed proof-of-concept on GitHub and D-Link's security bulletin page; the supplied references do not enumerate specific firmware patches or workarounds. The CVE's EPSS score peaked at 0.6064 and currently stands at 0.5799, indicating sustained exploitation interest after disclosure.
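The defensive counterpart to the flaw described above, as an added example (not D-Link's firmware code and not taken from the referenced proof-of-concept): a strict, length-bounded parser for a MAC address parameter such as macCloneMac. The names `parse_mac` and `store_clone_mac` and the sample values are assumptions made for illustration; the page does not show the firmware's actual handler.

```c
#include <ctype.h>
#include <stdio.h>

#define MAC_STR_LEN 17 /* strlen("AA:BB:CC:DD:EE:FF") */

static int hex_val(unsigned char c) /* caller has checked isxdigit() */
{
    return isdigit(c) ? c - '0' : tolower(c) - 'a' + 10;
}

/* Strictly parse "xx:xx:xx:xx:xx:xx" into 6 bytes. Returns 0 on success,
 * -1 on NULL, wrong length, wrong separator or a non-hex digit. */
int parse_mac(const char *s, unsigned char out[6])
{
    size_t n = 0;
    if (s == NULL)
        return -1;
    while (n <= MAC_STR_LEN && s[n] != '\0') /* reads at most 18 bytes */
        n++;
    if (n != MAC_STR_LEN)
        return -1;
    for (size_t i = 0; i < 6; i++) {
        unsigned char hi = (unsigned char)s[3 * i];
        unsigned char lo = (unsigned char)s[3 * i + 1];
        if (!isxdigit(hi) || !isxdigit(lo) || (i < 5 && s[3 * i + 2] != ':'))
            return -1;
        out[i] = (unsigned char)((hex_val(hi) << 4) | hex_val(lo));
    }
    return 0;
}

/* Hypothetical handler: dst is written only after validation, and only with
 * the re-serialized bytes, never with the raw request parameter. */
int store_clone_mac(const char *param, char dst[MAC_STR_LEN + 1])
{
    unsigned char mac[6];
    if (parse_mac(param, mac) != 0)
        return -1;
    snprintf(dst, MAC_STR_LEN + 1, "%02X:%02X:%02X:%02X:%02X:%02X",
             mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
    return 0;
}

int main(void)
{
    char dst[MAC_STR_LEN + 1]; /* sample values below are constructed */
    printf("%d\n", store_clone_mac("00:1a:2b:3c:4d:5e", dst));
    printf("%d\n", store_clone_mac("00:1a:2b:3c:4d:5e:AAAAAAAAAAAAAAAA", dst));
    return 0;
}
```

Because the length is checked before any byte is copied, an over-long value is rejected regardless of its size and the fixed-size destination is never exposed to attacker-controlled length.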
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-47656
Vulnerability details
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.