Stack Overflow Vulnerability in D-Link Routers
CVE-2022-46563

7.2HIGH

Key Information:

Vendor: D-Link
Status: Dir-882 A1 Firmware
Vendor: CVE Published:; 23 December 2022

Summary

The D-Link DIR-882 and DIR-878 routers are impacted by a stack overflow vulnerability originating from an unchecked Password parameter in the SetDynamicDNSSettings module. This flaw could allow remote attackers to exploit the device, potentially leading to unauthorized access or disruption of service. Users are advised to review their firmware versions and apply necessary updates to mitigate the risk associated with this vulnerability.

References

https://www.dlink.com/en/security-bulletin/

https://hackmd.io/%400dayResearch/HkDzZLCUo

https://hackmd.io/%400dayResearch/SetDynamicDNSSettings

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 23, 2022
Vulnerability Reserved
Dec 5, 2022