CVE-2024-45623 is a critical security vulnerability identified in the D-Link DAP-2310 Hardware A device running Firmware version 1.16RC028. The flaw is a stack-based buffer overflow in the ATP binary component that processes PHP HTTP GET requests via the embedded Apache HTTP Server (httpd). This vulnerability allows remote attackers to execute arbitrary code on the affected device without requiring authentication or user interaction, making it highly exploitable over the network. The buffer overflow arises from improper input validation in the ATP binary when handling HTTP GET requests, enabling attackers to overwrite the stack and inject malicious payloads. The vulnerability is classified under CWE-94, indicating code injection issues. The CVSS v3.1 base score is 9.8, reflecting critical impact on confidentiality, integrity, and availability. Notably, this vulnerability affects only devices that are no longer supported by the vendor, and no patches or firmware updates have been released to address it. Although no known exploits have been reported in the wild, the ease of exploitation and potential for full device compromise make this a serious threat. The affected device is typically used in enterprise and small business network environments as a wireless access point, meaning exploitation could lead to network infiltration and lateral movement.

The impact of CVE-2024-45623 is severe for organizations still operating the affected D-Link DAP-2310 devices. Successful exploitation grants attackers remote code execution capabilities, allowing them to fully compromise the device. This can lead to unauthorized access to internal networks, interception or manipulation of network traffic, deployment of malware, and disruption of network services. Given the device’s role as a wireless access point, attackers could pivot to other critical infrastructure or sensitive data repositories. The lack of vendor support and absence of patches exacerbate the risk, as organizations cannot remediate the vulnerability through updates. This increases the likelihood of exploitation once publicly disclosed, potentially resulting in data breaches, operational downtime, and reputational damage. The vulnerability’s network-exploitable nature and no requirement for authentication make it attractive for attackers targeting legacy infrastructure.

Since no official patches or firmware updates are available for this vulnerability due to the device being out of support, organizations must adopt alternative mitigation strategies. First, identify all D-Link DAP-2310 Hardware A devices running Firmware 1.16RC028 or similar versions within the network. Immediately isolate these devices from critical network segments or the internet to reduce exposure. Replace affected devices with currently supported hardware that receives regular security updates. If replacement is not immediately feasible, implement strict network access controls such as firewall rules to block incoming HTTP GET requests targeting the ATP binary or restrict management interfaces to trusted IP addresses only. Monitor network traffic for suspicious activity indicative of exploitation attempts. Employ network segmentation to limit potential lateral movement from compromised devices. Finally, maintain an inventory of legacy devices and develop a decommissioning plan to avoid reliance on unsupported hardware in the future.