CVE-2023-35751

8.8 HIGH

📋 TL;DR

This is a critical stack-based buffer overflow vulnerability in D-Link DAP-2622 routers that allows network-adjacent attackers to execute arbitrary code as root without authentication. The vulnerability exists in the DDP service due to insufficient input validation when processing authentication profile usernames. All users of affected DAP-2622 routers are at risk.

💻 Affected Systems

Products:
  • D-Link DAP-2622
Versions: All versions prior to firmware 1.10B05
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The DDP service runs by default on port 41234/TCP and is accessible to network-adjacent attackers without authentication.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the router with root privileges, allowing attackers to intercept network traffic, modify configurations, install persistent malware, and pivot to internal networks.

🟠 Likely Case

Router takeover leading to credential theft, DNS hijacking, man-in-the-middle attacks, and network disruption.

🟢 If Mitigated

Limited impact if the router is isolated from untrusted networks and strict network segmentation is in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is well-documented with technical details available, making exploitation relatively straightforward for skilled attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware 1.10B05

Vendor Advisory: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349

Restart Required: Yes

Instructions:

1. Download firmware 1.10B05 from the D-Link support site.
2. Log into the router web interface.
3. Navigate to Maintenance > Firmware Update.
4. Upload and install the new firmware.
5. Reboot the router.

🔧 Temporary Workarounds

Block DDP Service Access

Platform: Linux

Use firewall rules to block access to the vulnerable DDP service on port 41234/TCP from untrusted networks. As written, the rule below drops all inbound traffic to that port; if DDP is still needed by specific management hosts, place an ACCEPT rule with a source match for those hosts ahead of the DROP rule.

iptables -A INPUT -p tcp --dport 41234 -j DROP

Disable DDP Service

Platform: All

If DDP functionality is not required, disable the service entirely through the router configuration.

🧯 If You Can't Patch

  • Segment the router on a dedicated VLAN isolated from critical systems and user networks.
  • Implement strict network access controls to limit which devices can communicate with the router's management interface.

🔍 How to Verify

Check if Vulnerable:

Check current firmware version in router web interface under Status > Device Info. If version is earlier than 1.10B05, the device is vulnerable.

Check Version:

Check router web interface or use SNMP query if enabled.

Verify Fix Applied:

Confirm firmware version shows 1.10B05 or later after update. Test that DDP service still functions if needed for legitimate use.
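The version check above is easy to get wrong when scripted across a fleet, because a plain string comparison orders "1.9B01" after "1.10B05". The following is an added example, not code from this advisory or from D-Link, that parses firmware strings of the form "<major>.<minor>B<build>" (an assumed format generalised from the single value 1.10B05 on this page) and compares them numerically against the fixed version:

```python
import re

# Fixed firmware version stated in the advisory.
FIXED_VERSION = "1.10B05"

# Assumption: DAP-2622 firmware strings look like "1.10B05" (major.minor + "B" + build).
# An optional leading "v" is tolerated and a missing "Bnn" build is treated as build 0.
VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:B(\d+))?\s*$", re.IGNORECASE)


def parse_version(s):
    """Return a (major, minor, build) tuple so versions compare numerically."""
    m = VERSION_RE.match(s)
    if not m:
        raise ValueError(f"unrecognised firmware version string: {s!r}")
    major, minor, build = m.groups()
    return (int(major), int(minor), int(build or 0))


def is_vulnerable(version, fixed=FIXED_VERSION):
    """True when the reported firmware is older than the fixed release."""
    return parse_version(version) < parse_version(fixed)


def lexical_says_vulnerable(version, fixed=FIXED_VERSION):
    """The naive string comparison, kept only to show why it is wrong."""
    return version < fixed


if __name__ == "__main__":
    # Constructed sample inventory: (device name, firmware string reported by the web UI).
    inventory = [("ap-floor1", "1.00B02"), ("ap-floor2", "1.9B01"), ("ap-lab", "1.10B05")]
    for name, fw in inventory:
        print(f"{name:10} {fw:8} vulnerable={is_vulnerable(fw)} "
              f"naive={lexical_says_vulnerable(fw)}")
```

Run the script as-is to see the "ap-floor2" row, where the numeric check reports the device vulnerable while the naive string comparison does not.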

📡 Detection & Monitoring

Log Indicators:

  • Unusual connections to port 41234
  • Multiple failed authentication attempts to DDP service
  • Router configuration changes from unexpected sources

Network Indicators:

  • Unusual traffic patterns to/from router on port 41234
  • Suspicious payloads in DDP protocol traffic

SIEM Query:

source_ip="router_ip" AND dest_port=41234 AND (payload_size>normal OR protocol_anomaly=true)
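The SIEM query above is pseudo-syntax; the logic it describes (connections to 41234/TCP from hosts that should not be talking to the router, oversized requests relative to a baseline, and repeated attempts from one source) is shown below as an added example that runs over constructed firewall-style log lines. It is not code from this advisory or from D-Link; the log format, the management allowlist, the byte baseline and the repeat threshold are all assumptions to be replaced with values from your own environment:

```python
import ipaddress
import re
from collections import Counter

DDP_PORT = 41234  # DDP service port named in the advisory

# Assumption: only this (constructed) management subnet may reach the DDP service.
MGMT_ALLOWLIST = [ipaddress.ip_network("10.0.99.0/24")]
# Assumption: typical DDP request size on your network; requests well above it are suspect.
BASELINE_BYTES = 256
# Assumption: this many DDP connections from one source in the window is worth an alert.
REPEAT_THRESHOLD = 3

# Constructed sample lines in a generic "ts key=value ..." flow-log style (not real D-Link logs).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=10.0.99.5 dst=10.0.50.1 proto=tcp dport=41234 bytes=120
2024-05-01T10:00:02Z src=10.0.50.23 dst=10.0.50.1 proto=tcp dport=443 bytes=900
2024-05-01T10:01:10Z src=10.0.50.77 dst=10.0.50.1 proto=tcp dport=41234 bytes=140
2024-05-01T10:01:11Z src=10.0.50.77 dst=10.0.50.1 proto=tcp dport=41234 bytes=150
2024-05-01T10:01:12Z src=10.0.50.77 dst=10.0.50.1 proto=tcp dport=41234 bytes=2048
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Parse one log line into a dict, or return None for malformed input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split() if "=" in kv)
    try:
        return {
            "ts": m.group("ts"),
            "src": ipaddress.ip_address(fields["src"]),
            "dst": fields["dst"],
            "proto": fields.get("proto", "").lower(),
            "dport": int(fields["dport"]),
            "bytes": int(fields.get("bytes", 0)),
        }
    except (KeyError, ValueError):
        return None


def is_allowed_source(ip):
    return any(ip in net for net in MGMT_ALLOWLIST)


def analyze(log_text, baseline=BASELINE_BYTES, repeat_threshold=REPEAT_THRESHOLD):
    """Return a list of (finding, source, detail) tuples for DDP traffic in the log."""
    findings = []
    per_src = Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        # Only TCP traffic to the DDP port is in scope; everything else is ignored.
        if rec is None or rec["proto"] != "tcp" or rec["dport"] != DDP_PORT:
            continue
        per_src[rec["src"]] += 1
        if not is_allowed_source(rec["src"]):
            findings.append(("unexpected_source", str(rec["src"]), rec["ts"]))
        if rec["bytes"] > baseline:
            findings.append(("oversized_payload", str(rec["src"]), rec["ts"]))
    for src, count in per_src.items():
        if count >= repeat_threshold:
            findings.append(("repeated_attempts", str(src), count))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

On the sample data the allowed management host produces no findings, while the second source trips all three checks. The byte-size check is deliberately relative to a baseline you measure rather than an absolute number, since the advisory gives no DDP message sizes.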
