Stack Overflow Vulnerability in D-Link DIR-882 and DIR-878 Routers
CVE-2022-46570

7.2HIGH

Key Information:

Vendor: D-Link
Status: Dir-882 A1 Firmware
Vendor: CVE Published:; 23 December 2022

What is CVE-2022-46570?

D-Link DIR-882 and DIR-878 routers are susceptible to a stack overflow vulnerability through the Password parameter in the SetWan3Settings module. This flaw allows attackers to exploit improperly handled input, potentially enabling remote code execution or unauthorized access. Users are advised to review their firmware versions and apply necessary patches to mitigate the risk. Configuring router security settings and changing default passwords are additional preventative measures.

References

https://www.dlink.com/en/security-bulletin/

https://hackmd.io/%400dayResearch/r1zsTSmDs

https://hackmd.io/%400dayResearch/SetWan3Settings_l2tp

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2022
Vulnerability Reserved
Dec 5, 2022