D-Link DAP-2622 DDP Set Device Info Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-37311
8.8HIGH
What is CVE-2023-37311?
The vulnerability in D-Link DAP-2622 devices arises due to a stack-based buffer overflow within the DDP service. This flaw permits network-adjacent attackers to execute arbitrary code on the affected devices without requiring any form of authentication. The vulnerability stems from inadequate validation of user-supplied data length before copying it into a fixed-length buffer. Successful exploitation may allow an attacker to execute malicious code in the context of the root user, presenting significant security implications for affected installations.
Affected Version(s)
DAP-2622 1.00 dated 16-12-2020