DD-WRT 45723 - UPNP Buffer Overflow | Advisories

Advisories

DD-WRT 45723 - UPNP Buffer Overflow

severity: high
date: 1/21/2026
Affecting: DD-WRT 45723
CVE: CVE-2021-47854
CWE: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-49730
DD-WRT Official Vendor Homepage
DD-WRT Software Download Repository
SSD Security Advisory for DD-WRT UPNP Buffer Overflow
Credit: Selim Enes 'Enesdex' Karaduman
Description: DD-WRT version 45723 contains a buffer overflow vulnerability in the UPNP network discovery service that allows remote attackers to potentially execute arbitrary code. Attackers can send crafted M-SEARCH packets with oversized UUID payloads to trigger buffer overflow conditions on the target device.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo