CVE-2023-33782

Description

D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability in the iperf3 diagnostics functionality.

Proof of concept

Proof Of Concept

Timeline

  • Dec 09, 2022 - Contact vendor
  • Dec 09, 2022 - Received response from vendor
  • Dec 10, 2022 - Sent vulnerability report to vendor
  • Feb 09, 2023 - Requested a status update from vendor
  • Mar 29, 2023 - Requested a status update from vendor
  • Mar 29, 2023 - Received a status update
  • Mar 31, 2023 - Received a potentially fixed firmware from vendor
  • Apr 03, 2023 - Reported that the new firmware does not fix the vulnerability
  • Apr 06, 2023 - Received response from vendor
  • May 25, 2023 - Assigned CVE
  • Jun 03, 2023 - Published exploit