Stack Overflow Vulnerability in D-Link DIR-882 and DIR-878 Routers
CVE-2022-46569

7.2HIGH

Key Information:

Vendor: D-Link
Status: Dir-882 A1 Firmware
Vendor: CVE Published:; 23 December 2022

Summary

D-Link DIR-882 and DIR-878 routers are susceptible to a stack overflow vulnerability caused by improper handling of the Key parameter in the SetWLanRadioSecurity module. This flaw may allow attackers to exploit the stack overflow, potentially leading to unauthorized access or loss of data integrity. Users are advised to ensure they are using the latest firmware versions to mitigate this risk.

References

https://www.dlink.com/en/security-bulletin/

https://hackmd.io/%400dayResearch/r1R6sWRUs

https://hackmd.io/%400dayResearch/SetWLanRadioSecurity

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 23, 2022
Vulnerability Reserved
Dec 5, 2022