CVE-2023-24799 – CVE-2023-24799 is a critical stack overflow vul... (How to Fix)

Q: What is the severity of CVE-2023-24799?

CVE-2023-24799 has a CVSS score of 9.8 (CRITICAL). CVE-2023-24799 is a critical stack overflow vulnerability in D-Link DIR878 routers that allows attackers to cause denial of service or execute arbitrary code via crafted network requests. This affects all users of DIR878 routers running vulnerable firmware version DIR_878_FW120B05.

📋 TL;DR

CVE-2023-24799 is a critical stack overflow vulnerability in D-Link DIR878 routers that allows attackers to cause denial of service or execute arbitrary code via crafted network requests. This affects all users of DIR878 routers running vulnerable firmware version DIR_878_FW120B05.

💻 Affected Systems

Products:

D-Link DIR878

Versions: DIR_878_FW120B05

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All DIR878 routers running this specific firmware version are vulnerable by default.

📦 What is this software?

Dir 878 Firmware by Dlink

View all CVEs affecting Dir 878 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router compromise with remote code execution, allowing attackers to intercept traffic, modify configurations, or use the device as a pivot point into internal networks.

🟠

Likely Case

Router crash causing denial of service, requiring physical reset and disrupting network connectivity for all connected devices.

🟢

If Mitigated

Limited impact if router is behind firewall with restricted WAN access, though internal attackers could still exploit.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept code exists in GitHub repositories, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check D-Link security bulletin for latest patched version

Vendor Advisory: https://www.dlink.com/en/security-bulletin/

Restart Required: Yes

Instructions:

1. Visit D-Link support website 2. Download latest firmware for DIR878 3. Log into router admin interface 4. Navigate to firmware update section 5. Upload and apply new firmware 6. Wait for router to reboot

🔧 Temporary Workarounds

Network Segmentation

all

Place router behind firewall with strict inbound rules to limit exposure

Disable Remote Management

all

Turn off remote administration features to reduce attack surface

🧯 If You Can't Patch

Replace vulnerable router with supported model
Implement strict network monitoring for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check router web interface for firmware version DIR_878_FW120B05

Check Version:

Check router admin interface at http://192.168.0.1 or http://dlinkrouter.local

Verify Fix Applied:

Verify firmware version has been updated to a version after DIR_878_FW120B05

📡 Detection & Monitoring

Log Indicators:

Unusual crash/reboot events in router logs
Multiple failed connection attempts to router services

Network Indicators:

Unusual traffic patterns to router management interface
Suspicious payloads in HTTP requests to router

SIEM Query:

source="router.log" AND ("crash" OR "reboot" OR "segfault")

📊 Metadata

CVE ID: CVE-2023-24799

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: April 7, 2023

Last Updated: February 13, 2025

🔗 References

https://github.com/DrizzlingSun/D-link/blob/main/Dir878/1/1.md Third Party Advisory
https://www.dlink.com/en/security-bulletin/ Vendor Advisory
https://github.com/DrizzlingSun/D-link/blob/main/Dir878/1/1.md Third Party Advisory
https://www.dlink.com/en/security-bulletin/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-24799, you might also want to check these: