Stack Overflow Vulnerability in D-Link DIR-882 and DIR-878 Products
CVE-2022-46566

7.2HIGH

Key Information:

Vendor: D-Link
Status: Dir-882 A1 Firmware
Vendor: CVE Published:; 23 December 2022

What is CVE-2022-46566?

D-Link DIR-882 and DIR-878 products are susceptible to a stack overflow vulnerability via the Password parameter in the SetQuickVPNSettings module. This weakness may allow an attacker to execute arbitrary code or disrupt system operations. Users are encouraged to promptly update their firmware to mitigate potential risks associated with this vulnerability.

References

https://www.dlink.com/en/security-bulletin/

https://hackmd.io/%400dayResearch/SyhDme7wo

https://hackmd.io/%400dayResearch/SetQuickVPNSettings_Pas...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2022
Vulnerability Reserved
Dec 5, 2022