CVE-2023-44839
Published: 05 October 2023
Summary
CVE-2023-44839 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in D-Link DIR-823G firmware. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 6.3% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
D-Link DIR-823G firmware version A1V1.0.2B05 contains a buffer overflow vulnerability in the SetWLanRadioSecurity function triggered by the Encryption parameter. The flaw is tracked as CVE-2023-44839, carries a CVSS 3.1 score of 7.5, and is classified under CWE-120. Successful exploitation results in a denial-of-service condition that disrupts wireless radio security handling.
An unauthenticated attacker with network access can submit a crafted HTTP request containing an oversized or malformed Encryption value to the affected function. Because the device performs no authentication or input-length validation before copying the parameter into a fixed-size buffer, the overflow corrupts memory and forces the device to reboot or become unresponsive.
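The missing length check described above, as an added example that is not D-Link's firmware code: the unchecked copy pattern (CWE-120) beside a hardened form that rejects oversized values instead of truncating them. The names `wlan_cfg`, `set_encryption` and `set_encryption_unsafe`, the 32-byte buffer size and the sample value "AES" are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define ENC_BUF_LEN 32 /* assumed size; the page does not give the real one */

struct wlan_cfg {                 /* hypothetical settings record */
    char encryption[ENC_BUF_LEN];
};

/* CWE-120 pattern: the copy is bounded only by the sender's input. */
void set_encryption_unsafe(struct wlan_cfg *cfg, const char *value)
{
    strcpy(cfg->encryption, value);   /* no length check: do not use */
}

/* Hardened form: returns 0 on success, -1 when the value is rejected.
 * value_len is the length reported by the request parser. */
int set_encryption(struct wlan_cfg *cfg, const char *value, size_t value_len)
{
    if (cfg == NULL || value == NULL)
        return -1;
    /* Reject instead of truncating, leaving room for the terminator. */
    if (value_len == 0 || value_len >= sizeof cfg->encryption)
        return -1;
    /* An embedded NUL means parser length and string length disagree. */
    if (memchr(value, '\0', value_len) != NULL)
        return -1;
    memcpy(cfg->encryption, value, value_len);
    cfg->encryption[value_len] = '\0';
    return 0;
}

struct wlan_cfg demo_cfg;   /* target of the checks below */

/* Constructed inputs ("AES" is a sample value); returns 0 when all pass. */
int run_checks(void)
{
    char big[4 * ENC_BUF_LEN];
    memset(big, 'A', sizeof big);             /* oversized, unterminated */
    if (set_encryption(&demo_cfg, "AES", 3) != 0) return 1;
    if (strcmp(demo_cfg.encryption, "AES") != 0) return 2;
    if (set_encryption(&demo_cfg, big, sizeof big) != -1) return 3;
    if (set_encryption(&demo_cfg, big, ENC_BUF_LEN) != -1) return 4;    /* off by one */
    if (set_encryption(&demo_cfg, big, ENC_BUF_LEN - 1) != 0) return 5; /* largest fit */
    if (set_encryption(&demo_cfg, "A\0B", 3) != -1) return 6;           /* embedded NUL */
    if (strlen(demo_cfg.encryption) != ENC_BUF_LEN - 1) return 7;       /* unchanged */
    return 0;
}
int main(void) { return run_checks(); }
```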
Public references point to a D-Link security bulletin page and a GitHub repository that reproduces the crash, but neither source supplies a firmware update or configuration workaround at the time of disclosure.
The CVE’s EPSS score rose from a low baseline to a peak of 0.1471 before settling at the current value of 0.1117, indicating measurable post-disclosure exploitation interest that warrants renewed monitoring.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-49162
Vulnerability details
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Encryption parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CWE(s): CWE-120
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.