CVE-2023-45575

9.8 CRITICAL

📋 TL;DR

A critical stack overflow vulnerability in multiple D-Link router models allows remote attackers to execute arbitrary code via the ip parameter in the ip_position.asp function. This affects D-Link DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200G+V2, DI-7200GV2, DI-7300G+V2, and DI-7400G+V2 devices running vulnerable firmware versions. Attackers can gain complete control of affected devices without authentication.

💻 Affected Systems

Products:
  • D-Link DI-7003GV2.D1
  • D-Link DI-7100G+V2.D1
  • D-Link DI-7100GV2.D1
  • D-Link DI-7200G+V2.D1
  • D-Link DI-7200GV2.E1
  • D-Link DI-7300G+V2.D1
  • D-Link DI-7400G+V2.D1
Versions:
  • DI-7003GV2.D1 v23.08.25D1 and before
  • DI-7100G+V2.D1 v23.08.23D1 and before
  • DI-7100GV2.D1 v23.08.23D1
  • DI-7200G+V2.D1 v23.08.23D1 and before
  • DI-7200GV2.E1 v23.08.23E1 and before
  • DI-7300G+V2.D1 v23.08.23D1
  • DI-7400G+V2.D1 v23.08.23D1 and before
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All affected devices with default configurations are vulnerable. The vulnerability is in the web management interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, lateral movement to internal networks, and botnet recruitment.

🟠 Likely Case

Remote code execution resulting in device takeover, credential theft, and use as pivot point for internal network attacks.

🟢 If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH - Directly exploitable from internet without authentication on exposed devices.
🏢 Internal Only: HIGH - Exploitable from any network segment with access to device management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public proof-of-concept is available in a GitHub repository. Exploitation requires sending a crafted HTTP request to the ip_position.asp endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check D-Link security advisories for firmware updates.
2. Download latest firmware for your specific model.
3. Backup configuration.
4. Upload firmware via web interface.
5. Reboot device.
6. Restore configuration if needed.

🔧 Temporary Workarounds

Network Access Control

Restrict access to device management interface using firewall rules.

Disable Remote Management

Turn off WAN-side management access if enabled.

🧯 If You Can't Patch

  • Isolate affected devices in separate VLAN with strict firewall rules
  • Implement network monitoring for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface: Login > Maintenance > Firmware Upgrade > check current version

Check Version:

curl -k https://[device-ip]/info.html | grep -i firmware

Verify Fix Applied:

Verify firmware version is newer than affected versions listed above

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /ip_position.asp with long ip parameters
  • Unusual process execution in device logs
  • Failed authentication attempts followed by successful exploitation

Network Indicators:

  • HTTP POST requests to ip_position.asp endpoint
  • Unusual outbound connections from router
  • Traffic patterns indicating command and control

SIEM Query:

source="router_logs" AND (url="/ip_position.asp" OR url CONTAINS "ip_position") AND (param="ip" AND length(param_value)>100)
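
The log indicator and SIEM query above, written as a standalone log filter. This is an added example, not vendor or project code. It assumes combined-format access logs from a proxy in front of the management interface with the query string in the request line, reuses the 100-character threshold from the query, and additionally assumes a legitimate ip value is a plain IP address. The sample log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

MAX_IP_PARAM_LEN = 100  # threshold taken from the SIEM query above

# Assumed log format: "<src> ... "<METHOD> <target> HTTP/x.y" ..."
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def inspect_line(line):
    """Return a finding dict for a suspicious ip_position.asp request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if "ip_position" not in url.path.lower():
        return None
    reasons = []
    # parse_qs percent-decodes, so the length is measured on the decoded value.
    for value in parse_qs(url.query, keep_blank_values=True).get("ip", []):
        if len(value) > MAX_IP_PARAM_LEN:
            reasons.append(f"ip length {len(value)} > {MAX_IP_PARAM_LEN}")
            continue
        try:
            ipaddress.ip_address(value)  # assumption: valid input is an IP address
        except ValueError:
            reasons.append("ip is not a valid address")
    if not reasons:
        return None
    return {"src": m.group("src"), "method": m.group("method"), "reasons": reasons}

def scan(lines):
    """Return the findings for every suspicious line, in input order."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample input (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /ip_position.asp?ip=192.168.0.1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /ip_position.asp?ip=' + "1" * 300 + ' HTTP/1.1" 200 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /ip_position.asp?ip=router-lan HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /index.asp HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs normally omit POST bodies, so requests that carry the ip parameter in the body need proxy or packet-level inspection instead.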
