Stack Overflow Vulnerability in D-Link DIR-882 and DIR-878 Products
CVE-2022-46566

7.2HIGH

Key Information:

Vendor
D-Link
Status
Dir-882 A1 Firmware
Vendor
CVE Published:
23 December 2022

Summary

D-Link DIR-882 and DIR-878 products are susceptible to a stack overflow vulnerability via the Password parameter in the SetQuickVPNSettings module. This weakness may allow an attacker to execute arbitrary code or disrupt system operations. Users are encouraged to promptly update their firmware to mitigate potential risks associated with this vulnerability.

References

https://www.dlink.com/en/security-bulletin/
https://hackmd.io/%400dayResearch/SyhDme7wo
https://hackmd.io/%400dayResearch/SetQuickVPNSettings_Pas...

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.