CVE-2023-46012

9.8 CRITICAL

📋 TL;DR

A buffer overflow vulnerability in the LINKSYS EA7500 router's UPnP service allows remote attackers to execute arbitrary code via specially crafted HTTP requests. This affects users running firmware version 3.0.1.207964. Attackers can potentially take full control of affected routers.

💻 Affected Systems

Products:
  • LINKSYS EA7500
Versions: Firmware version 3.0.1.207964
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: UPnP is typically enabled by default on consumer routers. Other LINKSYS models may be affected, but this is not confirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete router compromise, allowing an attacker to intercept all network traffic, install persistent malware, pivot to internal network devices, and use the router as a botnet node.

🟠 Likely Case

Router takeover leading to DNS hijacking, credential theft from network traffic, and installation of cryptocurrency miners or ransomware.

🟢 If Mitigated

Limited impact if UPnP is disabled and the router is behind a firewall with restricted WAN access.

🌐 Internet-Facing: HIGH - UPnP service is typically internet-facing and vulnerable to unauthenticated remote attacks.
🏢 Internal Only: MEDIUM - Attackers on the local network could exploit this, but it requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code exists on GitHub. The vulnerability is in the UPnP IGD service, which handles HTTP requests without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown - check LINKSYS security advisories

Restart Required: Yes

Instructions:

1. Log into the router admin interface.
2. Check for firmware updates under Administration > Firmware Upgrade.
3. Apply any available updates.
4. Reboot the router after the update.

🔧 Temporary Workarounds

Disable UPnP (all platforms)

Turn off the Universal Plug and Play service to prevent exploitation.

Restrict WAN Access (linux)

Block external access to the UPnP ports (typically 1900/udp and 5000/tcp). The rules below are bound to the WAN interface so that LAN clients can still use UPnP; WAN_IF is a placeholder for the router's actual WAN interface name.

# WAN_IF is a placeholder: replace it with the router's WAN interface name
iptables -A INPUT -i "$WAN_IF" -p udp --dport 1900 -j DROP
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 5000 -j DROP

🧯 If You Can't Patch

  • Replace router with patched model or different vendor
  • Place router behind dedicated firewall with strict ingress filtering

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is 3.0.1.207964, device is vulnerable.

Check Version:

Check via the router web interface at 192.168.1.1, or fingerprint the web service with: nmap -sV -p 80,443 <router_ip> (service detection identifies the HTTP server; confirm the exact firmware build in the admin interface).

Verify Fix Applied:

Verify that the firmware version is newer than 3.0.1.207964. Test the UPnP service with a controlled exploit attempt.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests to UPnP service
  • Multiple buffer overflow attempts in router logs
  • Unexpected process crashes or restarts

Network Indicators:

  • Abnormal traffic to router UPnP ports from external IPs
  • Sudden outbound connections from router to suspicious IPs

SIEM Query:

source="router.logs" AND ("UPnP" OR "IGD") AND ("overflow" OR "crash" OR "malformed")
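The SIEM query above expressed as stand-alone detection logic, as an added example that is not part of this advisory and not LINKSYS code: it keeps UPnP/IGD lines that also report an overflow, crash or malformed request, then raises a burst alert when several such events land inside a short window (the "multiple attempts" indicator above). The syslog-style lines, the daemon name and the timestamps are constructed for the example and are not real EA7500 output.

```python
import re
from datetime import datetime, timedelta

# Constructed syslog-style lines; the daemon name, hosts and timestamps are
# invented for this example and are not real EA7500 log output.
SAMPLE_LOGS = [
    "Jan 12 03:14:07 EA7500 upnpd[812]: SOAP request from 203.0.113.7 rejected: malformed header",
    "Jan 12 03:14:09 EA7500 upnpd[812]: IGD: request body exceeds buffer, possible overflow",
    "Jan 12 03:14:11 EA7500 kernel: upnpd[812]: segfault, process crash",
    "Jan 12 03:14:12 EA7500 init: restarting upnpd after crash",
    "Jan 12 03:20:31 EA7500 dhcpd: lease renewed for 192.168.1.23",
    "Jan 12 07:45:00 EA7500 upnpd[901]: AddPortMapping from 192.168.1.40 ok",
    "Jan 12 09:02:15 EA7500 httpd: admin login from 192.168.1.5",
]

# Same terms as the SIEM query: a UPnP/IGD line that also reports a fault.
SERVICE_RE = re.compile(r"upnp|igd", re.IGNORECASE)
SYMPTOM_RE = re.compile(r"overflow|crash|malformed", re.IGNORECASE)
TS_RE = re.compile(r"^([A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) ")

def parse_event(line, year=2024):
    """Return (timestamp, message) for a UPnP/IGD fault line, else None.
    Syslog timestamps carry no year, so the caller supplies it."""
    m = TS_RE.match(line)
    if not m or not (SERVICE_RE.search(line) and SYMPTOM_RE.search(line)):
        return None
    ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(year=year)
    return ts, line[m.end():]

def matching_events(lines, year=2024):
    """Apply the query to every line and return the hits, oldest first."""
    events = [e for e in (parse_event(l, year) for l in lines) if e]
    return sorted(events)

def burst_alerts(events, threshold=3, window=timedelta(minutes=5)):
    """Start time of each burst of >= threshold fault events inside `window`.
    Sliding window over the sorted timestamps; one alert per burst."""
    times = [ts for ts, _ in events]
    alerts, start, in_burst = [], 0, False
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        if end - start + 1 >= threshold:
            if not in_burst:
                alerts.append(times[start])
                in_burst = True
        else:
            in_burst = False
    return alerts
```

Run `burst_alerts(matching_events(SAMPLE_LOGS))` to get the start time of the four-event burst in the sample; the `threshold` and `window` values are tuning knobs, not values from the advisory.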
