DD-WRT 45723 - UPNP Buffer Overflow | Advisories

Advisories

DD-WRT 45723 - UPNP Buffer Overflow

severity: high
date: January 21, 2026
Affecting: DD-WRT 45723
CVE: CVE-2021-47854
CWE: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-49730
DD-WRT Official Vendor Homepage
DD-WRT Software Download Repository
SSD Security Advisory for DD-WRT UPNP Buffer Overflow
Credit: Selim Enes 'Enesdex' Karaduman
Description: DD-WRT version 45723 contains a buffer overflow vulnerability in the UPNP network discovery service that allows remote attackers to potentially execute arbitrary code. Attackers can send crafted M-SEARCH packets with oversized UUID payloads to trigger buffer overflow conditions on the target device.