Stack Overflow Vulnerability in D-Link Router Products
CVE-2022-46568

7.2HIGH

Key Information:

Vendor: D-Link
Status: Dir-882 A1 Firmware
Vendor: CVE Published:; 23 December 2022

What is CVE-2022-46568?

A vulnerability was identified in D-Link DIR-882 and DIR-878 routers that allows for a stack overflow through the AccountPassword parameter within the SetSysEmailSettings module. This flaw could potentially allow attackers to execute arbitrary code or disrupt service, putting user security at risk. It is essential for users to apply available patches to safeguard their systems from potential exploitation.

References

https://www.dlink.com/en/security-bulletin/

https://hackmd.io/%400dayResearch/B1SZP0aIo

https://hackmd.io/%400dayResearch/SetSysEmailSettings

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2022
Vulnerability Reserved
Dec 5, 2022