Stack Overflow Vulnerability in D-Link DAP-1330 Router Firmware
CVE-2022-29328

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dap-1330 Firmware
Vendor: CVE Published:; 10 May 2022

Summary

The D-Link DAP-1330 router firmware version 1.00b21 is susceptible to a stack overflow vulnerability in the checkvalidupgrade function. Exploitation of this vulnerability could potentially allow an attacker to execute arbitrary code, leading to unauthorized access and control over the device. This highlights the critical need for users to regularly update their firmware and implement best security practices for IoT devices.

References

https://www.dlink.com/en/security-bulletin/

x_refsource_MISC

https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dap-1...

x_refsource_MISC

EPSS Score

44% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2022
Vulnerability Reserved
Apr 16, 2022