D-Link DAP-2622 DDP Set IPv6 Address Primary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-37317
8.8HIGH
What is CVE-2023-37317?
A vulnerability exists in the DDP service of D-Link's DAP-2622 router that allows attackers to execute arbitrary code through a stack-based buffer overflow. This flaw is caused by insufficient validation of the length of user-supplied data before being copied to a fixed-length stack buffer. Attackers located on the same network can exploit this issue without needing authentication, enabling them to potentially execute code with root-level privileges. It is critical for users of affected models to apply available patches to mitigate the risks associated with this vulnerability.
Affected Version(s)
DAP-2622 1.00 dated 16-12-2020