Buffer Overflow Vulnerability in D-Link DIR-882 Routers
CVE-2022-44807

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dir-882 Firmware
Vendor: CVE Published:; 22 November 2022

What is CVE-2022-44807?

The D-Link DIR-882 routers in versions 1.10B02 and 1.20B06 are susceptible to a buffer overflow vulnerability that can be exploited via the webGetVarString function. This flaw can potentially allow attackers to execute arbitrary code, compromising the security of devices connected to the network. Users are advised to apply the latest firmware updates and follow best practices for securing their network devices.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/RobinWang825/IoT_vuln/tree/main/D-Link...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2022
Vulnerability Reserved
Nov 7, 2022