Stack Overflow Vulnerability in D-Link DIR-882 and DIR-878 Products
CVE-2022-46562

7.2HIGH

Key Information:

Vendor: D-Link
Status: Dir-882 A1 Firmware
Vendor: CVE Published:; 23 December 2022

Summary

D-Link DIR-882 and DIR-878 devices are susceptible to a stack overflow vulnerability that can be exploited through the PSK parameter in the SetQuickVPNSettings module. This vulnerability may allow attackers to execute arbitrary code, potentially compromising device integrity and security.

References

https://www.dlink.com/en/security-bulletin/

https://hackmd.io/%400dayResearch/B1C9jeXDi

https://hackmd.io/%400dayResearch/SetQuickVPNSettings_PSK

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 23, 2022
Vulnerability Reserved
Dec 5, 2022