September 26, 2024
Episode 15
CVE-2024-45623: Unauthenticated RCE in D-Link DAP-2310
Authors: Hahna Kane Latonick and Jonathan Waterman
Dark Wolf Solutions recently disclosed a vulnerability to D-Link that results in unauthenticated remote code execution (RCE) in their DAP-2310 REV-A Wireless Access Point (AP) product running the latest firmware version 1.16RC028. D-Link wireless products are based on industry standards to provide high-speed wireless connectivity that is easy to use within your home, business or public access wireless networks. As shown in Figure 1, the DAP-2310 enables network administrators to easily deploy robust 802.11n wireless networks with multiple operation modes (e.g., access point, wireless distribution system, AP repeater), high performance connectivity and security (e.g., WPA2 encryption), and easy management.
Target Analysis
The DAP-2310 runs on the MIPS architecture, which is a type of reduced instruction set computer (RISC) architecture. MIPS stands for Microprocessor without Interlocked Pipelined Stages. The DAP-2310 is also a big-endian device, storing the most significant byte of a word at the smallest memory address and the least significant byte at the largest. A little-endian system, in contrast, stores the least significant byte at the smallest address. Of the two, big-endian resembles the way we write left-to-right in English.
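Architecture and byte order can be confirmed directly from a firmware binary during triage. The following is an added example, not code from the original post: it assumes the firmware's executables are ELF files (the post does not state this), the two sample headers are constructed, and the function names are hypothetical. It also shows what a parser reports when it decodes a header field with the wrong byte order.

```python
import struct

EM_MIPS = 8                          # e_machine value assigned to MIPS by the ELF spec
EI_CLASS = {1: 32, 2: 64}            # e_ident[4]: ELFCLASS32 / ELFCLASS64
EI_DATA = {1: "little", 2: "big"}    # e_ident[5]: ELFDATA2LSB / ELFDATA2MSB

# Constructed sample headers (first 20 bytes of an ELF file), not taken from the device.
SAMPLE_MIPS_BE = b"\x7fELF\x01\x02\x01\x00" + b"\x00" * 8 + b"\x00\x02\x00\x08"
SAMPLE_MIPS_LE = b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 8 + b"\x02\x00\x08\x00"


def identify_elf(header: bytes) -> dict:
    """Report word size, byte order and machine type from an ELF header."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF header")
    bits, order = EI_CLASS.get(header[4]), EI_DATA.get(header[5])
    if bits is None or order is None:
        raise ValueError("invalid EI_CLASS or EI_DATA byte")
    # e_type and e_machine are 16-bit fields at offset 16. They are stored in
    # the file's own byte order, so decode them with the order EI_DATA declares.
    prefix = ">" if order == "big" else "<"
    e_type, e_machine = struct.unpack_from(prefix + "HH", header, 16)
    return {"bits": bits, "byte_order": order, "e_type": e_type,
            "e_machine": e_machine, "is_mips": e_machine == EM_MIPS}


def misread_machine(header: bytes) -> int:
    """Decode e_machine with the wrong byte order, as a naive parser might."""
    order = EI_DATA[header[5]]
    wrong = "<" if order == "big" else ">"
    return struct.unpack_from(wrong + "H", header, 18)[0]


def word_in_memory(value: int, order: str) -> bytes:
    """Lay out a 32-bit word as bytes at increasing addresses."""
    return value.to_bytes(4, order)


if __name__ == "__main__":
    for name, hdr in (("big-endian", SAMPLE_MIPS_BE), ("little-endian", SAMPLE_MIPS_LE)):
        print(name, identify_elf(hdr), "misread e_machine:", hex(misread_machine(hdr)))
    print(word_in_memory(0x11223344, "big").hex(), word_in_memory(0x11223344, "little").hex())
```

Tooling that assumes a little-endian host order will read the MIPS machine value 8 as 0x0800 on a big-endian image, which is why the EI_DATA byte has to be checked before any multi-byte field is decoded.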