Cyber Resilience

CVE-2023-44839

HighPublic PoC

Published: 05 October 2023

Published
05 October 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.1117 93.7th percentile
Risk Priority 22 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-44839 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Dlink Dir-823G Firmware. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 6.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

D-Link DIR-823G firmware version A1V1.0.2B05 contains a buffer overflow vulnerability in the SetWLanRadioSecurity function triggered by the Encryption parameter. The flaw is tracked as CVE-2023-44839, carries a CVSS 3.1 score of 7.5, and is classified under CWE-120. Successful exploitation results in a denial-of-service condition that disrupts wireless radio security handling.

An unauthenticated attacker with network access can submit a crafted HTTP request containing an oversized or malformed Encryption value to the affected function. Because the device performs no authentication or input-length validation before copying the parameter into a fixed-size buffer, the overflow corrupts memory and forces the device to reboot or become unresponsive.

Public references point to a D-Link security bulletin page and a GitHub repository that reproduces the crash, but neither source supplies a firmware update or configuration workaround at the time of disclosure.

The CVE’s EPSS score rose from a low baseline to a peak of 0.1471 before settling at the current value of 0.1117, indicating measurable post-disclosure exploitation interest that warrants renewed monitoring.

EU & UK References

Vulnerability details

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Encryption parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

dlink
dir-823g firmware
1.0.2b05

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-120

Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.

References