Stack Overflow Vulnerability in D-Link DIR-816 Router
CVE-2022-29322

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dir-816 Firmware
Vendor: CVE Published:; 10 May 2022

Summary

The D-Link DIR-816 router has been identified with a stack overflow vulnerability due to improper handling of the IPADDR and nvmacaddr parameters in the /goform/form2Dhcpip interface. This flaw can be exploited, potentially allowing attackers to execute arbitrary code or disrupt normal operations of the device, thereby posing significant risks to the network's integrity and confidentiality.

References

https://www.dlink.com/en/security-bulletin/

x_refsource_MISC

https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-8...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2022
Vulnerability Reserved
Apr 16, 2022