Stack-based Buffer Overflow in D-Link DIR-890L Wi-Fi Router Firmware
CVE-2022-30521

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dir-890l Firmware
Vendor: CVE Published:; 2 June 2022

Summary

The D-Link DIR-890L Wi-Fi router contains a stack-based buffer overflow vulnerability in its LAN-side Web Configuration Interface. This flaw arises from the firmware's failure to validate the length of strings received through HTTP headers in the sprintf function. Attackers can easily manipulate this vulnerability by sending specially crafted payloads to port 49152, enabling them to execute arbitrary code remotely. Users of the DIR-890L should ensure they update to the latest firmware version to mitigate potential security risks.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/winmt/CVE/blob/main/DIR-890L/README.md

https://github.com/winmt/my-vuls/tree/main/DIR-890L

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 2, 2022
Vulnerability Reserved
May 9, 2022