Stack Overflow Vulnerability in D-Link Router Models
CVE-2022-46561

7.2HIGH

Key Information:

Vendor: D-Link
Status: Dir-882 A1 Firmware
Vendor: CVE Published:; 23 December 2022

What is CVE-2022-46561?

D-Link routers DIR-882 and DIR-878 have a stack overflow vulnerability in the SetWanSettings module, specifically triggered by the Password parameter. This could potentially allow attackers to execute arbitrary code or impact device functionality, highlighting the need for users to update their firmware promptly to safeguard their networks.

References

https://www.dlink.com/en/security-bulletin/

https://hackmd.io/%400dayResearch/ry55QVQvj

https://hackmd.io/%400dayResearch/SetWanSettings_PPPoE

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2022
Vulnerability Reserved
Dec 5, 2022