Heap Overflow Vulnerability in D-Link DIR820LA
CVE-2023-25282

6.5MEDIUM

Key Information:

Vendor: D-Link
Status: Dir-820l Firmware
Vendor: CVE Published:; 15 March 2023

Summary

D-Link DIR820LA is vulnerable to a heap overflow flaw that allows malicious actors to trigger a denial of service condition. By exploiting the 'config.log_to_syslog' and 'log_opt_dropPackets' parameters within the 'mydlink_api.ccp', an attacker could manipulate the device's logging functionality, leading to potential disruption of service. This vulnerability poses significant risks to users as it could impact the availability of the network services dependent on the affected router.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/migraine-sudo/D_Link_Vuln/tree/main/Pe...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 15, 2023
Vulnerability Reserved
Feb 6, 2023