Login Sign Up

CVE-2023-27718

9.8 CRITICAL
Remote Code Execution Denial of Service

📋 TL;DR

This vulnerability in D-Link DIR878 routers allows attackers to cause denial of service or execute arbitrary code by sending a specially crafted payload to the affected function. It affects users running firmware version 1.30B08 on DIR878 routers. The high CVSS score indicates critical severity requiring immediate attention.

💻 Affected Systems

Products:
  • D-Link DIR878
Versions: 1.30B08
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: All DIR878 routers running the affected firmware version are vulnerable in default configuration.

📦 What is this software?

Dir878 Firmware by Dlink

View all CVEs affecting Dir878 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to gain persistent access, intercept network traffic, pivot to internal networks, and potentially brick the device.

🟠

Likely Case

Router crash requiring physical reset, temporary network disruption, and potential credential theft if attackers can execute code.

🟢

If Mitigated

Limited to denial of service if network segmentation and proper firewall rules prevent external exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The GitHub reference contains technical details that could facilitate exploitation. Stack overflow vulnerabilities in network-facing services are commonly weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check D-Link security bulletin for latest patched version

Vendor Advisory: https://www.dlink.com/en/security-bulletin/

Restart Required: Yes

Instructions:

1. Visit D-Link support site 2. Download latest firmware for DIR878 3. Log into router admin interface 4. Navigate to firmware update section 5. Upload and apply new firmware 6. Wait for router to reboot

🔧 Temporary Workarounds

Disable remote administration

all

Prevent external access to router management interface

Network segmentation

all

Isolate router management interface to trusted network segment

🧯 If You Can't Patch

  • Replace affected router with patched model or different vendor
  • Implement strict firewall rules blocking all external access to router management ports

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System > Firmware

Check Version:

Login to router web interface and navigate to firmware information page

Verify Fix Applied:

Confirm firmware version is newer than 1.30B08 after update

📡 Detection & Monitoring

Log Indicators:

  • Router crash/reboot logs
  • Unusual traffic patterns to router management interface
  • Failed authentication attempts followed by crash

Network Indicators:

  • Unusual payloads sent to router management ports
  • Traffic patterns matching known exploit signatures

SIEM Query:

source="router.logs" AND (event="crash" OR event="reboot") AND device_model="DIR878"

📊 Metadata

CVE ID: CVE-2023-27718
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: April 9, 2023
Last Updated: February 11, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-27718, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)